CVE-2023-41850: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability affects the Morris Bryant, Ruben Sargsyan Outbound Link Manager WordPress plugin versions 1.2 and below. The vulnerability was discovered and reported on September 5, 2023, and was assigned the identifier CVE-2023-41850. This security issue impacts WordPress installations using the affected plugin versions (Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) by NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it with a Base Score of 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity impact is considered low and is unlikely to be exploited, though the potential for unauthorized actions exists (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects versions 1.2 and below of the Outbound Link Manager plugin (Patchstack).