CVE-2023-47669: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability affects Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin versions 3.10.3 and below. The vulnerability was discovered on November 7, 2023, and was assigned CVE-2023-47669 (Patchstack).

The vulnerability stems from the plugin's lack of CSRF checks when activating and deactivating plugins. The severity of this vulnerability has been assessed with different CVSS v3.1 scores: NIST rates it as HIGH with a base score of 8.8 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rates it as MEDIUM with a score of 5.4 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L). The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (WPScan).

The vulnerability could allow attackers to make logged-in users perform unauthorized actions related to plugin activation and deactivation through CSRF attacks (WPScan).

The vulnerability has been fixed in version 3.10.4 of the plugin. Users are advised to update to this version or later to remove the vulnerability (Patchstack).