CVE-2023-46202: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Jeff Sherk Auto Login New User After Registration WordPress plugin, affecting versions up to and including 1.9.6. The vulnerability was reported on April 26, 2023, and publicly disclosed on October 19, 2023 (Patchstack).

The vulnerability stems from the absence of CSRF protection mechanisms in certain areas of the plugin. It has been assigned CVE-2023-46202 and is classified as CWE-352 (Cross-Site Request Forgery). The vulnerability has received varying CVSS v3.1 severity ratings: NIST assessed it as HIGH with a base score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as MEDIUM with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) (NVD).

The vulnerability could allow attackers to make logged-in users perform unwanted actions through CSRF attacks. This security issue particularly affects the plugin's settings modification capabilities (WPScan).

Currently, there is no official fix available for this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).