CVE-2023-35047: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the AREOI All Bootstrap Blocks WordPress plugin affecting versions 1.3.6 and below. The vulnerability was reported by LEE SE HYOUNG on May 31, 2023, and was publicly disclosed on June 13, 2023. The issue was assigned CVE-2023-35047 and has been fixed in version 1.3.7 (Patchstack).

The vulnerability stems from improper validation of user requests in the plugin, which could lead to Cross-Site Request Forgery attacks. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, while Patchstack assessed it with a CVSS score of 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD, WPScan).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity impact is considered low and is unlikely to be exploited (Patchstack).

Users are advised to update to version 1.3.7 or later of the All Bootstrap Blocks plugin to remediate this vulnerability. Patchstack users can enable auto-update functionality for vulnerable plugins (Patchstack).