CVE-2023-32245: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in WPDeveloper Essential Addons for Elementor Pro, affecting versions through 5.4.8. The vulnerability was disclosed on May 15, 2023, and assigned identifier CVE-2023-32245 (Patchstack).

The vulnerability is classified as a Server Side Request Forgery (SSRF) issue that could allow unauthenticated users to perform SSRF attacks. The CVSS scores vary between sources, with NVD assigning a base score of 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) while Patchstack rates it at 5.4 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) (NVD, WPScan).

If exploited, this vulnerability could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker's choosing. This could potentially lead to the discovery of sensitive information about other services running on the system (Patchstack).

The vulnerability has been fixed in version 5.4.9 of Essential Addons for Elementor Pro. Users are advised to update to this version or later to remove the vulnerability. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users can update to a fixed version (Patchstack).