CVE-2023-34371: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Didier Sampaolo SpamReferrerBlock WordPress plugin, affecting versions 2.22 and below. The vulnerability was reported on April 30, 2023, and was officially published with CVE-2023-34371 on June 2, 2023 (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) with a CVSS v3.1 base score of 8.8 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). This indicates a high-severity vulnerability with network attack vector, low attack complexity, no privileges required, and user interaction required for exploitation (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The CVSS score of 8.8 indicates potential high impacts on confidentiality, integrity, and availability of the affected system (Patchstack).

As of the vulnerability disclosure, no official fix has been made available for this security issue. The vulnerability was initially reported by LEE SE HYOUNG (hackintoanetwork), and early warning was sent to Patchstack customers on June 2, 2023 (Patchstack).