CVE-2023-45641: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in Caret Inc.'s Caret Country Access Limit WordPress plugin, affecting versions 1.0.2 and below. The vulnerability was discovered by Prasanna V Balaji on February 25, 2023, and was officially published on October 12, 2023, with CVE-2023-45641 assigned by Patchstack (Patchstack Advisory).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, categorized under CWE-352. It received varying CVSS scores, with the NVD assigning a high severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack assessed it as medium severity with a score of 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L). The vulnerability falls under the OWASP Top 10 category A5: Broken Access Control (Patchstack Advisory).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The attack requires no authentication to exploit, though user interaction is necessary (Patchstack Advisory).

The vulnerability has been fixed in version 1.0.3 of the Caret Country Access Limit plugin. Users are advised to update to version 1.0.3 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack Advisory).