CVE-2023-44997: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the WP Forms Puzzle Captcha WordPress plugin versions 4.1 and below. The vulnerability was discovered by Rio Darmawan from Zerobyte and was publicly disclosed on October 3, 2023. This security issue affects the WordPress plugin developed by Nitin Rathod (Patchstack).

The vulnerability has been assigned CVE-2023-44997 and is classified as CWE-352 (Cross-Site Request Forgery). It received varying CVSS scores, with the NVD assigning a base score of 8.8 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it at 5.4 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity impact is considered low and is unlikely to be exploited according to security assessments (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The issue affects versions 4.1 and below of the WP Forms Puzzle Captcha plugin (Patchstack).