CVE-2023-5006: 
WordPress vulnerability analysis and mitigation

The WP Discord Invite WordPress plugin before version 2.5.1 contains a Cross-Site Request Forgery (CSRF) vulnerability identified as CVE-2023-5006. The vulnerability was discovered and publicly disclosed on September 26, 2023. This security flaw affects the plugin's action protection mechanisms, potentially impacting WordPress installations using versions prior to 2.5.1 (WPScan).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) attack, identified under CWE-352. It has received a CVSS score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, indicating network accessibility, low attack complexity, no privileges required, and user interaction required for exploitation (NVD).

The vulnerability allows an unauthenticated attacker to perform unauthorized actions by tricking a logged-in administrator into submitting crafted requests. This could lead to arbitrary settings updates within the plugin's configuration (WPScan).

The vulnerability has been patched in version 2.5.1 of the WP Discord Invite plugin. Users are strongly advised to update to this version or later to mitigate the risk (WPScan).