CVE-2023-52184: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress plugin WP Job Portal – A Complete Job Board, affecting all versions up to and including 2.0.6. The vulnerability was reported on October 11, 2023, by researcher Nguyen Xuan Chien and was publicly disclosed on December 29, 2023 (Patchstack).

The vulnerability stems from missing or incorrect nonce validation on an unspecified function within the plugin. It has been assigned CVE-2023-52184 and is classified as CWE-352 (Cross-Site Request Forgery). The vulnerability received varying CVSS scores, with NVD assigning a base score of 8.8 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it at 4.3 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

The vulnerability allows unauthenticated attackers to perform unauthorized actions by tricking site administrators into clicking malicious links. While the specific impact is not fully detailed, CSRF vulnerabilities generally enable attackers to force authenticated users to execute unwanted actions under their current authentication level (WPScan).

The vulnerability has been fixed in version 2.0.7 of the WP Job Portal plugin. Site administrators are advised to update to this version or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).