CVE-2023-39917: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability affects Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery WordPress plugin versions 5.2.6 and below. The vulnerability was discovered on July 21, 2023, and publicly disclosed on August 7, 2023. A fix was released in version 5.2.7 (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and has received varying CVSS scores from different sources. The National Vulnerability Database (NVD) assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it with a CVSS score of 4.3 (LOW). The vulnerability exists due to the absence of CSRF checks in certain plugin functionalities (NVD, WPScan).

The vulnerability could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This could potentially lead to unauthorized actions being executed with the privileges of the authenticated user (WPScan).

The recommended mitigation is to update the Photo Gallery by Ays plugin to version 5.2.7 or later, which contains the fix for this vulnerability (Patchstack).