CVE-2023-47819: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Dang Ngoc Binh Easy Call Now by ThikShare WordPress plugin, affecting versions up to and including 1.1.0. The vulnerability was reported on October 12, 2023, by researcher Nguyen Xuan Chien and was publicly disclosed on November 15, 2023 (Patchstack).

The vulnerability stems from missing or incorrect nonce validation in the settings_page function. The severity of this vulnerability has been assessed with different CVSS v3.1 scores: NIST rates it as HIGH with a base score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack assigns it a MEDIUM severity with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) (NVD, WPScan).

The vulnerability allows unauthenticated attackers to modify the plugin's settings through forged requests if they can trick a site administrator into performing specific actions, such as clicking on a malicious link (WPScan).

Currently, there is no official fix available for this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).