CVE-2023-45760: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in gVectors Team wpDiscuz plugin versions through 7.6.3. The vulnerability was identified on October 12, 2023, and assigned CVE-2023-45760. This security issue affects the WordPress plugin wpDiscuz, which has over 80,000 active installations (Wordfence Intel).

The vulnerability is classified as a Missing Authorization (CWE-862) issue that allows exploiting incorrectly configured access control security levels via AJAX actions. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (NVD, Patchstack).

The vulnerability allows attackers with subscriber-level privileges to perform unauthorized actions through AJAX requests, potentially leading to information disclosure. The impact is considered moderate with the ability to access data that should be restricted (Patchstack).

The vulnerability has been patched in wpDiscuz version 7.6.4. Users are advised to update to this version or later to resolve the security issue. Virtual patching is available through security providers to mitigate the vulnerability until the update can be applied (Patchstack).