CVE-2023-49769: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in SoftLab's Integrate Google Drive WordPress plugin, affecting versions through 1.3.4. The vulnerability was identified on December 5, 2023, and was assigned CVE-2023-49769. This security issue affects the WordPress plugin that enables integration with Google Drive functionality (Patchstack, WPScan).

The vulnerability stems from missing or incorrect nonce validation on an unspecified function within the plugin. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it with a CVSS score of 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability allows unauthenticated attackers to perform unauthorized actions by tricking site administrators into performing actions such as clicking on malicious links. The impact severity varies according to different assessments, with NIST indicating potential high impact on confidentiality, integrity, and availability, while Patchstack suggests a lower impact limited to integrity (WPScan).

The vulnerability has been patched in version 1.3.5 of the Integrate Google Drive plugin. Users are advised to update to this version or later to remediate the security issue (Patchstack).