CVE-2023-48769: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Blue Coral Chat Bubble WordPress plugin, a floating chat solution that includes contact chat icons, messages, Telegram, Email, SMS, and Call me back functionality. The vulnerability affects versions up to and including 2.3 of the plugin. This security issue was initially reported on August 16, 2023, and was publicly disclosed on November 28, 2023 (Patchstack).

The vulnerability has been assigned CVE-2023-48769 and received varying CVSS severity scores from different organizations. The National Vulnerability Database (NVD) assessed it with a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it with a CVSS score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity impact is considered low and is unlikely to be exploited according to the security assessment (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The issue affects versions up to and including 2.4 of the Chat Bubble plugin (Patchstack).