CVE-2023-49855: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the BinaryCarpenter Menu Bar Cart Icon For WooCommerce WordPress plugin, affecting versions up to and including 1.49.3. The vulnerability was initially reported on July 21, 2023, and publicly disclosed on December 7, 2023. This security issue was assigned CVE-2023-49855 and affects the WordPress plugin 'bc-menu-cart-woo' (Patchstack, WPScan).

The vulnerability stems from missing or incorrect nonce validation on an unknown function within the plugin. The severity of this vulnerability has been assessed with varying CVSS scores: NIST NVD assigned a high severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as medium severity with a score of 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow unauthenticated attackers to perform unauthorized actions by tricking site administrators into performing specific actions, such as clicking on malicious links. The impact varies depending on the specific implementation and context of the vulnerable function (WPScan).

As of the latest reports, there is no official fix available for this vulnerability. The issue remains unpatched in version 1.49.3 of the plugin (WPScan).