CVE-2023-45647: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the MailMunch Constant Contact Forms WordPress plugin versions 2.0.10 and below. The vulnerability was reported by Rio Darmawan and was assigned CVE-2023-45647 on October 10, 2023 (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and received varying CVSS scores. The NVD assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it at 5.4 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability stems from the absence of CSRF checks in certain plugin functionalities (NVD, WPScan).

The vulnerability could allow attackers to force authenticated users to perform unwanted actions through CSRF attacks. This security issue primarily affects the plugin's settings and could lead to unauthorized modifications when exploited (Patchstack).

The vulnerability has been fixed in version 2.0.11 of the MailMunch Constant Contact Forms plugin. Users are advised to update to this version or later to remediate the security issue. The fix primarily involves implementing proper CSRF checks in the affected functionality (Patchstack).