CVE-2023-49843: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in QuanticEdge's First Order Discount Woocommerce plugin, affecting versions up to and including 1.21. The vulnerability was discovered by Nguyen Xuan Chien on August 23, 2023, and was publicly disclosed on December 6, 2023 (Patchstack).

The vulnerability has been assigned CVE-2023-49843 and is classified as CWE-352 (Cross-Site Request Forgery). It received varying CVSS scores, with the NVD assigning a base score of 8.8 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it at 5.4 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L (Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The attack requires user interaction but does not require authentication from the attacker's side (Patchstack).

The vulnerability has been fixed in version 1.22 of the First Order Discount Woocommerce plugin. Users are advised to update to version 1.22 or later to remove the vulnerability (Patchstack).