CVE-2023-28989: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the weDevs Happy Addons for Elementor WordPress plugin, affecting versions 3.8.2 and below. The vulnerability was discovered on December 13, 2022, and was publicly disclosed on March 29, 2023, with CVE-2023-28989 being assigned (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CWE-352. It received varying CVSS scores from different sources: NIST assigned a high severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as medium severity with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The attack requires user interaction but does not require authentication from the attacker's side (Patchstack).

The vulnerability has been patched in version 3.8.3 of the Happy Addons for Elementor plugin. Users are advised to update to version 3.8.3 or later to remove the vulnerability. The fix was released shortly after the vulnerability was reported (Patchstack).