CVE-2023-51535: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the CleanTalk Anti-Spam Protection WordPress plugin, identified as CVE-2023-51535. The vulnerability affects versions up to 6.20 of the Spam protection, Anti-Spam, FireWall by CleanTalk plugin. The issue was initially reported on October 26, 2023, and was publicly disclosed on December 27, 2023 (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) weakness (CWE-352). It received varying CVSS v3.1 scores: NIST assigned a high severity score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as medium severity with a score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). The vulnerability requires user interaction but no privileges for exploitation (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The exact impact varies case by case, but the vulnerability has been assessed to have a low severity impact and is unlikely to be exploited (Patchstack).

The vulnerability has been fixed in version 6.21 of the plugin. Users are advised to update to version 6.21 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).