CVE-2023-51503: 
WordPress vulnerability analysis and mitigation

The CVE-2023-51503 vulnerability affects Automattic's WooPayments plugin for WordPress, specifically versions through 6.9.2. This security flaw is classified as an Authorization Bypass Through User-Controlled Key vulnerability, which was discovered and reported by Rafie Muhammad (Patchstack).

The vulnerability is classified as an Insecure Direct Object References (IDOR) issue, with a CVSS v3.1 base score of 7.5 (HIGH) according to NIST, while Patchstack rates it at 5.9 (MEDIUM). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility with low attack complexity and no required privileges or user interaction (NVD).

The vulnerability affects stores running on legacy UPE and split-UPE versions of WooPayments. It allows unauthenticated attackers to delete orders by knowing the order ID and cart hash, specifically requiring them to create a cart that matches the items in the order they are attempting to delete (WPScan).

The vulnerability has been fixed in WooPayments version 6.7.0. Users are advised to update to version 6.7.0 or later to remove the vulnerability. The issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).