CVE-2023-50873: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress plugin 'Add Any Extension to Pages' affecting versions up to 1.4. The vulnerability was reported by Nguyen Xuan Chien on September 19, 2023, and was publicly disclosed on December 22, 2023. The issue has been assigned CVE-2023-50873 (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery). It received varying CVSS scores from different sources: NIST assigned a high severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as medium severity with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). The vulnerability can be exploited without authentication (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The specific impact varies case by case, though Patchstack has assessed it as having a low severity impact and considers it unlikely to be exploited (Patchstack).

The vulnerability has been fixed in version 1.5 of the Add Any Extension to Pages plugin. Users are advised to update to version 1.5 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).