CVE-2023-46085: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Wpmet Wp Ultimate Review WordPress plugin versions 2.2.4 and below, identified as CVE-2023-46085. The vulnerability was reported on March 25, 2023, and publicly disclosed on October 16, 2023. This security issue affects the WordPress plugin Wp Ultimate Review up to version 2.2.4 (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue with a CVSS v3.1 base score of 4.3 (MEDIUM) according to Patchstack's assessment, while the NVD rates it with a CVSS score of 8.8 (HIGH). The vulnerability is tracked as CWE-352: Cross-Site Request Forgery. The technical nature of the vulnerability could allow an attacker to force higher privileged users to execute unwanted actions under their current authentication (Patchstack).

The vulnerability could allow malicious actors to force authenticated users to perform unintended actions on the affected WordPress sites running the vulnerable plugin. While Patchstack classifies the severity impact as low, the potential for unauthorized actions through authenticated users makes this a significant security concern (Patchstack).

The vulnerability has been patched in version 2.3.1 of the Wp Ultimate Review plugin. Users are advised to update to version 2.3.1 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins to ensure automatic remediation (Patchstack).