CVE-2023-49153: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress plugin 'Add to Cart Text Changer and Customize Button, Add Custom Icon' affecting versions up to 2.0. The vulnerability was reported on September 29, 2023, by researcher Nguyen Thi Huyen Trang (Skalucy) and was publicly disclosed on November 28, 2023 (Patchstack).

The vulnerability has been assigned CVE-2023-49153 and is classified as CWE-352 (Cross-Site Request Forgery). It received varying CVSS scores, with NIST assigning a high severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) while Patchstack assessed it as medium severity with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) (NVD).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The software is considered abandoned as it hasn't been updated for over a year, increasing the potential security risks for users (Patchstack).

Users are advised to update to version 2.1 or later of the plugin to remove the vulnerability. Given that the software appears to be abandoned, users should urgently consider replacing it with an alternative solution (Patchstack).