CVE-2023-49749: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress plugin SureTriggers (versions up to and including 1.0.23). The vulnerability was reported on August 28, 2023, and publicly disclosed on December 4, 2023. SureTriggers is a WordPress plugin designed to connect plugins, apps, tools, and automate various functionalities (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery). It received varying CVSS scores from different sources: NIST assigned a high severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as medium severity with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). The vulnerability can be exploited without authentication (Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The specific impact varies case by case, though it has been assessed as having a low severity impact and is unlikely to be exploited (Patchstack).

The vulnerability has been fixed in version 1.0.24 of the SureTriggers plugin. Users are advised to update to version 1.0.24 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).