CVE-2023-46624: 
WordPress vulnerability analysis and mitigation

The CVE-2023-46624 is an Open Redirect vulnerability affecting the WordPress Parcel Pro plugin versions up to 1.6.11. The vulnerability was discovered by Nguyen Xuan Chien and was reported on May 15, 2023, with public disclosure occurring on October 25, 2023. This security flaw affects the Parcel Pro WordPress plugin, which is used for parcel tracking and shipping management (Patchstack).

The vulnerability is classified as a URL Redirection to Untrusted Site ('Open Redirect') vulnerability (CWE-601). It received a CVSS v3.1 base score of 6.1 (Medium) from NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Patchstack assigned it a score of 4.7 (Medium) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N. The vulnerability exists due to improper validation of redirect URLs (NVD).

The vulnerability could allow malicious actors to redirect users from legitimate sites to malicious ones. This could potentially lead to phishing incidents where users are tricked into visiting what they believe is a legitimate site only to be redirected to a malicious one (Patchstack).

The vulnerability has been fixed in version 1.6.12 of the Parcel Pro plugin. Users are advised to update to this version or later to remove the vulnerability. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).