CVE-2023-46781: 
WordPress vulnerability analysis and mitigation

The Cross-Site Request Forgery (CSRF) vulnerability (CVE-2023-46781) affects Roland Murg's Current Menu Item for Custom Post Types WordPress plugin versions 1.5 and below. The vulnerability was discovered by Nguyen Xuan Chien and was published on October 26, 2023. This security issue allows potential attackers to execute unwanted actions under authenticated users' privileges (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) with a CVSS v3.1 base score of 8.8 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerability requires no privileges for exploitation but does require user interaction (NVD).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The CVSS score of 8.8 indicates a high severity impact on the confidentiality, integrity, and availability of the affected system (Patchstack).

The vulnerability has been fixed in version 1.6 of the Current Menu Item for Custom Post Types plugin. Users are advised to update to version 1.6 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).