CVE-2023-47823: 
WordPress vulnerability analysis and mitigation

The FormCraft WordPress plugin contains a Missing Authorization vulnerability (CVE-2023-47823) discovered on November 16, 2023. This security issue affects FormCraft versions up to and including 1.2.7, with the vulnerability being patched in version 1.2.8. The vulnerability stems from a missing capability check on the formcraftnagupdate AJAX nopriv_ function (WPScan).

The vulnerability is classified as a Missing Authorization (CWE-862) issue with a CVSS v3.1 Base Score of 5.3 (Medium). The technical vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed (Patchstack).

The vulnerability allows unauthenticated attackers to delay or disable update notifications in the FormCraft plugin. This broken access control issue enables unprivileged users to execute certain higher privileged actions (WPScan).

The vulnerability has been fixed in FormCraft version 1.2.8. Users are advised to update to version 1.2.8 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).