CVE-2023-45106: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Urvanov Syntax Highlighter WordPress plugin versions 2.8.33 and below. The vulnerability was disclosed on October 6, 2023, and was assigned CVE-2023-45106. The affected software is the Urvanov Syntax Highlighter plugin developed by Fedor Urvanov and Aram Kocharyan for WordPress installations (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery). It received varying CVSS scores from different sources: NVD assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it at 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability specifically affects the management of highlighting blocks within the plugin (NVD).

The vulnerability could allow attackers to force authenticated administrators to perform unwanted actions related to highlighting blocks management, including updating, creating, duplicating, and deleting blocks through CSRF attacks (WPScan).

The vulnerability has been fixed in version 2.8.34 of the Urvanov Syntax Highlighter plugin. Users are advised to update to version 2.8.34 or later to remove the vulnerability (Patchstack).