CVE-2023-32794: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the WooCommerce Product Add-Ons plugin versions 6.1.3 and earlier for WordPress. The vulnerability was discovered by Rafie Muhammad and was reported on April 4, 2023, with public disclosure occurring on May 15, 2023. This security issue was assigned the identifier CVE-2023-32794 (Patchstack Report).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, falling under the OWASP Top 10 category A5: Broken Access Control. It received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a serious security concern. The vulnerability affects unauthenticated users and is categorized under CWE-352 (NVD).

The vulnerability could potentially allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. This type of vulnerability typically enables attackers to perform unauthorized actions on behalf of authenticated users who visit a malicious website (Patchstack Report).

The vulnerability was patched in version 6.2.0 of the WooCommerce Product Add-ons plugin. Users are advised to update to version 6.2.0 or later to remediate this security issue. Patchstack users have the option to enable auto-updates for vulnerable plugins as an additional security measure (Patchstack Report).