CVE-2023-45060: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in Fla-shop.Com Interactive World Map WordPress plugin versions 3.2.0 and earlier. The vulnerability was disclosed on October 3, 2023, and received the identifier CVE-2023-45060. The affected software is the Interactive World Map plugin for WordPress, which was later patched in version 3.4.4 (Patchstack, WPScan).

The vulnerability stems from the plugin's lack of CSRF protection mechanisms in certain functionalities. The severity of this vulnerability has been assessed with different CVSS v3.1 scores: NVD rates it as HIGH with a score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack assigns it a MEDIUM severity with a score of 5.4. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This means that if an authenticated user with appropriate privileges visits a malicious webpage while logged into their WordPress site, the attacker could potentially execute unauthorized actions on behalf of that user (WPScan).

The recommended mitigation is to update the Interactive World Map plugin to version 3.4.4 or later, which contains the security fix for this vulnerability. This update is considered the primary and most effective solution for addressing the CSRF vulnerability (Patchstack).