CVE-2023-41730: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the SendPress Newsletters WordPress plugin affecting versions up to 1.22.3.31. The vulnerability was discovered by researcher yuyudhn and was publicly disclosed on September 5, 2023 (Patchstack Database).

The vulnerability has been assigned CVE-2023-41730 and received varying CVSS scores from different sources. The National Vulnerability Database (NVD) assessed it with a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it as MEDIUM severity with a score of 4.3 and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

This vulnerability could potentially allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The specific impact varies case by case, though Patchstack has classified it as having a low severity impact and considers it unlikely to be exploited (Patchstack Database).

As of the latest reports, no official fix is available for this vulnerability. The issue was initially reported on January 8, 2023, and an early warning was sent to Patchstack customers on September 5, 2023 (Patchstack Database).