CVE-2023-36691: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in Albert Peschar WebwinkelKeur WordPress plugin versions 3.24 and below. The vulnerability was disclosed on July 4, 2023, and was assigned CVE-2023-36691. The affected software is the WebwinkelKeur plugin for WordPress platforms (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, which received a CVSS v3.1 base score of 5.4 (Medium) according to Patchstack's assessment. The vulnerability is tracked under CWE-352 (Cross-Site Request Forgery). The technical nature of the vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication (Patchstack).

The vulnerability has been assessed as having a low severity impact. If exploited, it could allow attackers to force authenticated users to perform unintended actions on the affected WordPress installation. The vulnerability requires no authentication to exploit, potentially increasing its impact scope (Patchstack).

The vulnerability has been fixed in version 3.25 of the WebwinkelKeur plugin. Users are advised to update to version 3.25 or later to remove the vulnerability. Patchstack users can enable auto-update functionality for vulnerable plugins as an additional security measure (Patchstack).