CVE-2023-46191: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Niels van Renselaar Open Graph Metabox WordPress plugin, affecting versions 1.4.4 and below. The vulnerability was reported on April 29, 2023, by researcher LEE SE HYOUNG and was publicly disclosed on October 18, 2023 (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and has received varying CVSS scores. The NVD assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it at 4.3 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability exists due to the absence of CSRF checks in certain plugin functionalities (NVD, WPScan).

The vulnerability could allow attackers to make logged-in users perform unwanted actions through CSRF attacks. This security issue has been classified as having a low severity impact, though its specific implications may vary depending on the implementation (WPScan).

Currently, there is no official fix available for this vulnerability. The issue affects versions 1.4.4 and below of the Open Graph Metabox plugin (Patchstack).