CVE-2023-46089: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Userback WordPress plugin versions 1.0.13 and earlier. The vulnerability was reported by LEE SE HYOUNG on April 29, 2023, and was publicly disclosed on October 17, 2023. This security issue affects the Userback plugin for WordPress installations (Patchstack).

The vulnerability is identified as CVE-2023-46089 and has received varying CVSS scores from different sources. The National Vulnerability Database (NVD) assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it at 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact varies depending on the specific implementation and context of the vulnerable component (Patchstack).

The vulnerability has been fixed in version 1.0.14 of the Userback WordPress plugin. Users are advised to update to version 1.0.14 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).