CVE-2023-38396: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress Google Map Shortcode plugin versions 3.1.2 and below. The vulnerability was identified on July 24, 2023, and assigned CVE-2023-38396. This security flaw affects the plugin's settings update functionality, potentially exposing WordPress installations to unauthorized modifications (Patchstack).

The vulnerability stems from the absence of CSRF protection mechanisms in the plugin's settings update functionality. It received a CVSS v3.1 base score of 8.8 (HIGH) from NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assigned it a more moderate CVSS score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD, WPScan).

The vulnerability could allow attackers to force authenticated administrators to perform unwanted actions by updating the plugin's settings without their knowledge or consent. This could potentially lead to unauthorized modifications of the plugin's configuration (WPScan).

Currently, there is no official fix available for this vulnerability. Website administrators running affected versions of the Google Map Shortcode plugin should consider implementing additional security measures or temporarily disabling the plugin until a patch is released (Patchstack).