CVE-2023-49844: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in Kevin Ohashi's WPPerformanceTester WordPress plugin, affecting all versions up to and including 2.0.0. The vulnerability was discovered by researcher Nguyen Xuan Chien and was officially assigned CVE-2023-49844 on November 30, 2023 (Patchstack).

The vulnerability has received varying CVSS severity assessments. The National Vulnerability Database (NVD) assigned it a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it as MEDIUM with a score of 4.3 and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The attack requires user interaction and can be initiated by unauthenticated users (Patchstack).

No official fix is available in the wordpress.org repository, though a patched version is available on GitHub. Due to the low severity impact, virtual patching has been deemed unnecessary (Patchstack).