CVE-2023-48781: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC, affecting versions through 4.3.0. The vulnerability was discovered by researcher qilin_99 and was assigned CVE-2023-48781 on November 18, 2023 (Patchstack).

The vulnerability has received varying CVSS severity assessments. The National Vulnerability Database (NVD) assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it at 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The security issue has been assessed to have a low severity impact and is considered unlikely to be exploited (Patchstack).

Currently, no official fix is available for this vulnerability. Patchstack issued an early warning to their customers on November 28, 2023 (Patchstack).