CVE-2023-3025: 
WordPress vulnerability analysis and mitigation

The Dropbox Folder Share plugin for WordPress contains a Server-Side Request Forgery (SSRF) vulnerability in versions up to and including 1.9.7. The vulnerability was discovered in September 2023 and is tracked as CVE-2023-3025. The vulnerability affects the plugin's handling of the 'link' parameter and allows unauthenticated attackers to make web requests to arbitrary locations (Wordfence).

The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N. The issue exists in the plugin's handling of the 'link' parameter, which can be exploited without authentication. The vulnerable code is located in the Principal.php file of the plugin (Plugin Source).

If exploited, this vulnerability allows attackers to make web requests originating from the web application server. This can be used to query and modify information from internal services, potentially exposing sensitive information or allowing attackers to interact with systems that should not be accessible from the internet (Wordfence).

Website administrators running the affected versions of the Dropbox Folder Share plugin should update to a version newer than 1.9.7 if available. If an update is not possible, it is recommended to remove the plugin until a patched version can be installed (Plugin Source).