CVE-2023-51678: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Doofinder WP & WooCommerce Search plugin affecting versions through 2.0.33. The vulnerability was reported on December 27, 2023, and was assigned the identifier CVE-2023-51678 (Patchstack Advisory).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CWE-352. It received a CVSS v3.1 base score of 6.5 (MEDIUM) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, while Patchstack assigned a CVSS score of 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

The vulnerability represents a broken access control issue that could allow unprivileged users to execute certain higher privileged actions. The impact is considered to have low to medium severity, with potential integrity impacts but no direct effect on confidentiality or availability (Patchstack Advisory).

The vulnerability has been fixed in version 2.1.1 of the Doofinder WP & WooCommerce Search plugin. Users are advised to update to version 2.1.1 or later to remove the vulnerability (Patchstack Advisory).