CVE-2023-46629: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in themelocation Remove Add to Cart WooCommerce plugin versions 1.4.4 and below. The vulnerability was reported on June 15, 2023, by researcher qilin99 and was officially published on October 25, 2023, with the identifier CVE-2023-46629 ([Patchstack](https://patchstack.com/database/vulnerability/remove-add-to-cart-woocommerce/wordpress-remove-add-to-cart-woocommerce-plugin-1-4-4-cross-site-request-forgery-csrf-vulnerability?s_id=cve)).

The vulnerability is classified under CWE-352 (Cross-Site Request Forgery). It received varying CVSS scores from different sources: NIST assigned a high severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as medium severity with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The attack requires user interaction but does not require authentication from the attacker's side (Patchstack).

The vulnerability has been fixed in version 1.4.5 of the Remove Add to Cart WooCommerce plugin. Users are advised to update to version 1.4.5 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).