CVE-2023-47832: 
WordPress vulnerability analysis and mitigation

The CVE-2023-47832 is a Missing Authorization vulnerability affecting the SearchIQ WordPress plugin versions through 4.4. The vulnerability was discovered and disclosed on November 16, 2023, by researcher Mika. This security issue allows exploiting incorrectly configured access control security levels in the SearchIQ plugin (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 Base Score of 5.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that it can be exploited over the network, requires low attack complexity, needs no privileges, and requires no user interaction (NVD).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks. This could lead to unauthorized access to plugin settings and potential information disclosure (Patchstack).

The vulnerability has been fixed in SearchIQ version 4.5. Users are advised to update to version 4.5 or later immediately. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).