CVE-2023-32507: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in wp3sixty Woo Custom Emails plugin versions through 2.2. The vulnerability was discovered on March 31, 2023, and publicly disclosed on May 9, 2023. This security flaw allows unauthorized access to security levels due to incorrectly configured access control (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 base score of 7.3 (High). The technical assessment indicates that the vulnerability stems from missing authorization, authentication, or nonce token checks in certain functions, potentially allowing unprivileged users to execute higher privileged actions. The vulnerability can be exploited remotely with low attack complexity and requires no user interaction (Patchstack).

The vulnerability is considered highly dangerous and is expected to become mass exploited. It allows unauthenticated users to make unauthorized settings changes to the WordPress installation, potentially compromising the security and functionality of the affected websites (Patchstack).

As of the disclosure, no official fix is available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement the virtual patch immediately or consider alternative email customization solutions (Patchstack).