CVE-2023-46779: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress EasyRecipe plugin versions 3.5.3251 and below. The vulnerability was reported on September 29, 2023, by security researcher Nguyen Thi Huyen Trang (Skalucy) and was officially published on October 26, 2023. This security issue was assigned CVE-2023-46779 and received a CVSS v3.1 base score of 8.8 (HIGH) (NVD, Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CWE-352. According to the CVSS v3.1 scoring metrics, the vulnerability has the following characteristics: Network-based attack vector (AV:N), Low attack complexity (AC:L), No privileges required (PR:N), User interaction required (UI:R), Unchanged scope (S:U), and High impact on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

The vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This CSRF vulnerability presents a significant risk as it could potentially compromise the security of WordPress sites running the affected plugin versions (Patchstack).

As of the vulnerability disclosure, no official fix has been made available for this security issue. The vulnerability affects all versions of the EasyRecipe plugin up to and including version 3.5.3251 (Patchstack).