CVE-2023-44988: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2023-44988) is a Missing Authorization vulnerability affecting Martin Gibson's WP Custom Admin Interface WordPress plugin through version 7.32. The issue was discovered by Abdi Pranata and was published on October 3, 2023. The vulnerability allows exploiting incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 base score of 4.3 (Medium). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating that the vulnerability requires network access, low attack complexity, low privileges, and no user interaction. The vulnerability can lead to a low impact on integrity with no impact on confidentiality or availability (Patchstack).

The vulnerability allows an unprivileged user to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks. The severity is considered low, and the impact is primarily focused on integrity aspects of the system (Patchstack).

The vulnerability has been fixed in version 7.33 of the WP Custom Admin Interface plugin. Users are advised to update to version 7.33 or later to remove the vulnerability. Patchstack has also issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).