CVE-2023-47824: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the wpWax Legal Pages WordPress plugin, affecting versions 1.3.8 and below. The vulnerability was identified on October 27, 2023, and publicly disclosed on November 16, 2023. This plugin, which handles Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generation functionalities, is used by WordPress website administrators to manage legal compliance pages (Patchstack).

The vulnerability has been assigned CVE-2023-47824 and is classified under CWE-352 (Cross-Site Request Forgery). It received varying CVSS severity ratings, with NIST assigning a high severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as medium severity with a score of 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) (NVD).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The specific impact varies case by case, but generally affects the security of administrative functions within the WordPress installation (Patchstack).

The vulnerability has been patched in version 1.3.9 of the wpWax Legal Pages plugin. Users are advised to update to version 1.3.9 or later to remove the vulnerability. Patchstack users have the additional option to enable auto-updates for vulnerable plugins (Patchstack).