CVE-2023-45751: 
WordPress vulnerability analysis and mitigation

The CVE-2023-45751 is a Remote Code Execution (RCE) vulnerability affecting POSIMYTH Nexter Extension WordPress plugin versions up to 2.0.3. The vulnerability was discovered by Rafie Muhammad and disclosed on October 12, 2023. This vulnerability is classified as an Improper Control of Generation of Code ('Code Injection') issue (Patchstack, NVD).

The vulnerability has received varying CVSS scores, with NVD assigning a base score of 7.2 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, while Patchstack rates it at 9.1 (CRITICAL) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code) (NVD).

If exploited, this vulnerability could allow a malicious actor to execute commands on the target website. This can potentially be used to gain backdoor access and subsequently take full control of the website (Patchstack).

The vulnerability has been patched in version 2.0.4 of the Nexter Extension plugin. Users are advised to update to version 2.0.4 or later to resolve the vulnerability. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users update to a fixed version (Patchstack).