CVE-2023-52150: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Ovation S.R.L.'s Dynamic Content for Elementor WordPress plugin, affecting versions before 2.12.5. The vulnerability was disclosed on December 28, 2023, and was assigned CVE-2023-52150. The issue stems from missing or incorrect nonce validation on an unknown function (Patchstack, WPScan).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue is classified under CWE-352 (Cross-Site Request Forgery) and requires user interaction to be exploited. The vulnerability affects the plugin's functionality related to WordPress options changes (NVD).

The vulnerability could allow unauthenticated attackers to perform unauthorized actions by tricking site administrators into performing actions such as clicking on malicious links. This could potentially lead to arbitrary WordPress options changes when successfully exploited (WPScan).

The vulnerability has been patched in version 2.12.5 of the Dynamic Content for Elementor plugin. Users are advised to update to this version or later to remove the vulnerability. The security issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).