CVE-2023-45639: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress Sort SearchResult By Title plugin versions 10.0 and below. The vulnerability was identified on October 12, 2023, and was assigned CVE-2023-45639. This security issue affects WordPress installations using the vulnerable plugin versions (Patchstack Advisory).

The vulnerability has been assessed with varying CVSS scores. The NVD assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it as CVSS 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The specific impact varies case by case, though Patchstack has classified this as a low severity impact that is unlikely to be exploited (Patchstack Advisory).

The vulnerability has been fixed in version 11.0 of the Sort SearchResult By Title plugin. Users are advised to update to version 11.0 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack Advisory).