CVE-2023-47243: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the WordPress MSHOP MY SITE plugin, affecting versions up to 1.1.6. The vulnerability was discovered on June 16, 2023, and was publicly disclosed on November 7, 2023. This security issue impacts the CodeMShop 코드엠샵 마이사이트 – MSHOP MY SITE WordPress plugin (Patchstack Advisory).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CVE-2023-47243. It has received varying CVSS severity ratings: NIST assigned a high severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as medium severity with a score of 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L). The vulnerability is categorized under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could potentially allow an attacker to execute unauthorized actions on behalf of authenticated users. The CVSS metrics indicate that successful exploitation could lead to high impacts on confidentiality, integrity, and availability according to NIST's assessment, while Patchstack suggests lower potential impact limited to integrity and availability (Patchstack Advisory).

Users are advised to update to version 1.1.8 or later of the MSHOP MY SITE plugin to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack Advisory).