CVE-2023-33207: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Krzysztof Wielogórski Stop Referrer Spam WordPress plugin, affecting versions 1.3.0 and below. The vulnerability was reported on February 1, 2023, and publicly disclosed on May 18, 2023 (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and has received varying CVSS scores. The NVD assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it at 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability stems from the absence of CSRF checks in certain plugin functionalities (WPScan).

The vulnerability could allow attackers to force authenticated users to perform unwanted actions through CSRF attacks. This security issue has been classified as having a low to high severity impact, depending on the scoring system used (Patchstack).

The vulnerability has been fixed in version 1.3.1 of the Stop Referrer Spam plugin. Users are advised to update to this version or later to remove the vulnerability (Patchstack).