CVE-2023-48778: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in VillaTheme's Product Size Chart For WooCommerce WordPress plugin affecting versions through 1.1.5. The vulnerability was reported by researcher qilin_99 and publicly disclosed on November 28, 2023. The issue received the identifier CVE-2023-48778 and affects the plugin's settings update functionality (Patchstack, WPScan).

The vulnerability stems from the absence of CSRF protection mechanisms in the plugin's settings update functionality. This security flaw has received varying CVSS scores, with NIST assigning a base score of 8.8 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it at 5.4 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow attackers to make a logged-in administrator unknowingly change the plugin's settings through a CSRF attack. This could potentially lead to unauthorized modifications of the plugin's configuration (WPScan).

The vulnerability has been fixed in version 1.1.6 of the Product Size Chart For WooCommerce plugin. Users are advised to update to this version or later to remediate the security issue (WPScan).