CVE-2023-36687: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Andrea Tarantini Menubar WordPress plugin versions 5.8.2 and below. The vulnerability was reported on April 28, 2023, and was assigned CVE-2023-36687. The issue was fixed in version 5.9 of the plugin (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) by NIST and 5.4 (Medium) by Patchstack. The vulnerability is classified as CWE-352: Cross-Site Request Forgery (CSRF). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) but does need user interaction (UI:R). The scope is unchanged (S:U), with no impact on confidentiality (C:N), but potential high impact on integrity (I:H) and no impact on availability (A:N) (NVD).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. This type of vulnerability enables attackers to perform unauthorized actions on behalf of authenticated users who visit a malicious website (Patchstack).

The vulnerability has been patched in version 5.9 of the Menubar plugin. Users are advised to update to version 5.9 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).