CVE-2023-45763: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress Taggbox plugin versions 2.9 and below, identified as CVE-2023-45763. The vulnerability was disclosed on October 12, 2023, affecting the Taggbox plugin, which is used for UGC galleries, social media widgets, user reviews, and analytics in WordPress installations (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it with a CVSS score of 5.4 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The vulnerability affects confidentiality, integrity, and availability of the system, with potential for high impact across all three security aspects according to the NIST assessment (Patchstack).

The vulnerability has been patched in version 3.4 of the Taggbox plugin. Users are advised to update to version 3.4 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).