CVE-2023-31077: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the ReCorp Export WP Page to Static HTML/CSS WordPress plugin affecting versions up to and including 2.1.9. The vulnerability was identified on October 25, 2023, and was assigned CVE-2023-31077. The issue was discovered by security researcher konagash (Wordfence Intel, Patchstack).

The vulnerability stems from missing or incorrect nonce validation on multiple AJAX actions in the plugin. The severity of this vulnerability has been assessed with a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-352: Cross-Site Request Forgery (NVD, WPScan).

This vulnerability allows unauthenticated attackers to perform unauthorized actions, such as triggering an HTML export, by tricking site administrators into performing specific actions like clicking on malicious links (WPScan).

The vulnerability has been fixed in version 2.2.0 of the Export WP Page to Static HTML/CSS plugin. Users are advised to update to this version or later to remove the vulnerability (WPScan).