CVE-2023-45645: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2023-45645) is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WP Open Street Map WordPress plugin versions 1.25 and earlier. The vulnerability was discovered by Nguyen Xuan Chien and was disclosed on October 12, 2023. The issue has been fixed in version 1.30 of the plugin (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CWE-352. It received varying CVSS scores from different sources: NIST NVD rated it as HIGH with a CVSS v3.1 base score of 8.8 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack assessed it as MEDIUM with a score of 5.4 (NVD).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The attack requires user interaction and can potentially lead to high impacts on confidentiality, integrity, and availability of the affected system (Patchstack).

The vulnerability has been patched in version 1.30 of the WP Open Street Map plugin. Users are advised to update to version 1.30 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).