CVE-2023-32744: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in WooCommerce Product Recommendations plugin versions 2.3.0 and earlier. The vulnerability was identified and reported by Rafie Muhammad on April 13, 2023, and was publicly disclosed on May 15, 2023. This security issue affects WordPress installations using the vulnerable versions of the WooCommerce Product Recommendations plugin (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, tracked as CVE-2023-32744. The plugin lacks proper CSRF checks in certain areas, which could enable attackers to make logged-in users perform unwanted actions. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue is categorized under CWE-352 (Cross-Site Request Forgery) (NVD, WPScan).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. This could potentially lead to unauthorized actions being performed on behalf of authenticated users without their knowledge or consent (Patchstack).

The vulnerability has been fixed in version 2.3.0 of the WooCommerce Product Recommendations plugin. Users are advised to update to version 2.3.0 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).