CVE-2023-47754: 
WordPress vulnerability analysis and mitigation

The CVE-2023-47754 vulnerability affects the WordPress Delete Duplicate Posts plugin versions up to 4.8.9. This security issue is classified as a Missing Authorization vulnerability that allows accessing functionality not properly constrained by Access Control Lists (ACLs). The vulnerability was discovered by Huynh Tien Si and was published on November 13, 2023 (Patchstack).

The vulnerability is categorized as CWE-862 (Missing Authorization) and has received varying CVSS v3.1 severity scores. The National Vulnerability Database (NVD) assigned a Critical severity score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), while Patchstack rated it as Medium severity with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). The vulnerability stems from a broken access control issue where authorization, authentication, or nonce token checks are missing in certain functions (NVD, Patchstack).

The vulnerability could allow unprivileged users to execute certain higher privileged actions within the WordPress Delete Duplicate Posts plugin. The specific impact varies case by case, though Patchstack has classified it as having a low severity impact and considers it unlikely to be exploited (Patchstack).

The vulnerability has been patched in version 4.9 of the Delete Duplicate Posts plugin. Users are advised to update to version 4.9 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).