CVE-2023-46632: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in David Cramer's My Shortcodes WordPress plugin affecting versions through 2.3. The vulnerability was reported on June 18, 2023, and published on October 25, 2023. This security issue allows exploiting incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as a Broken Access Control issue, which stems from missing authorization, authentication, or nonce token checks in certain functions. This allows unprivileged users to execute actions intended for users with higher privileges. The vulnerability has been assigned a CVSS v3.1 score of 7.1 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H (Patchstack).

The vulnerability is considered moderately dangerous and is expected to become exploited. It requires Subscriber-level privileges to exploit, potentially allowing attackers to execute higher privileged actions within the WordPress installation (Patchstack).

Currently, there is no official fix available from the plugin developer. However, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement the virtual patch immediately or consider alternative plugins (Patchstack).