CVE-2023-49197: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress DoFollow Case by Case plugin, affecting versions up to 3.4.2. The vulnerability was reported on August 25, 2023, by researcher Nguyen Thi Huyen Trang (Skalucy) and was assigned CVE-2023-49197. The issue was publicly disclosed on December 1, 2023, and has been fixed in version 3.5.0 (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, categorized under OWASP Top 10 A1: Broken Access Control. It received a CVSS v3.1 base score of 8.8 (HIGH) from NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assigned a CVSS score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The attack requires user interaction but can be executed without authentication privileges (Patchstack).

The vulnerability has been fixed in version 3.5.0 of the DoFollow Case by Case plugin. Users are advised to update to version 3.5.0 or later to remove the vulnerability. It's worth noting that the software appears to be abandoned, as it hasn't been updated for over a year, and users should consider replacing it with an alternative solution (Patchstack).