CVE-2023-46204: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Muller Digital Inc.'s Duplicate Theme WordPress plugin versions 0.1.6 and below. The vulnerability was initially reported by researcher Elliot on May 25, 2023, and was officially published by Patchstack on October 19, 2023. The vulnerability was assigned CVE-2023-46204 (Patchstack Advisory).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, categorized under CWE-352. It received varying CVSS scores, with the NVD assigning a high severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as medium severity with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). The vulnerability requires no authentication to exploit (NVD, Patchstack Advisory).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. According to Patchstack's assessment, this security issue has a low severity impact and is unlikely to be exploited (Patchstack Advisory).

As of the latest reports, no official fix is available for this vulnerability. The issue was first identified and reported to Patchstack customers as an early warning on October 19, 2023 (Patchstack Advisory).