CVE-2023-50835: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Advanced Category Template WordPress plugin, affecting versions up to and including 0.1. The vulnerability was discovered by researcher Nguyen Thi Huyen Trang (Skalucy) and was publicly disclosed on December 19, 2023. This security issue impacts Praveen Goswami's Advanced Category Template plugin for WordPress (Patchstack).

The vulnerability has been assigned CVE-2023-50835 and has received varying CVSS severity scores from different sources. The National Vulnerability Database (NVD) assessed it with a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it with a CVSS score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The specific impact varies case by case, though Patchstack has classified this as a low-priority security issue that is unlikely to be exploited (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The issue remains unpatched in the Advanced Category Template plugin (Patchstack).