CVE-2023-51478: 
WordPress vulnerability analysis and mitigation

CVE-2023-51478 is an Improper Authentication vulnerability discovered in the Build App Online WordPress plugin affecting versions up to 1.0.19. The vulnerability was disclosed on April 25, 2024, and received a CVSS v3.1 base score of 9.8 (CRITICAL), indicating its severe nature (Patchstack, NVD).

The vulnerability stems from missing authentication checking in the 'setusercart' function with the 'user_id' header value. It has been classified under CWE-306 (Missing Authentication for Critical Function) by NIST and CWE-287 (Improper Authentication) by Patchstack. The CVSS v3.1 vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

This vulnerability allows unauthenticated attackers to perform privilege escalation and potentially take over accounts. The high CVSS score of 9.8 indicates that successful exploitation could lead to complete compromise of the system's confidentiality, integrity, and availability (Patchstack).

Users are advised to update to version 1.0.22 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking attacks until users can update to a fixed version (Patchstack).