CVE-2023-5756: 
WordPress vulnerability analysis and mitigation

The Digital Publications by Supsystic plugin for WordPress contains a Cross-Site Request Forgery (CSRF) vulnerability in versions up to and including 1.7.6, identified as CVE-2023-5756. The vulnerability was discovered and disclosed on December 9, 2023. The issue affects the AJAX action handler in the plugin due to missing or incorrect nonce validation (NVD).

The vulnerability stems from improper implementation of security controls in the AJAX action handler, specifically the absence or incorrect implementation of nonce validation. The severity of this vulnerability has been assessed with different CVSS v3.1 scores: NVD rates it as HIGH with a base score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Wordfence assigns it a MEDIUM severity with a base score of 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) (NVD).

The vulnerability allows unauthenticated attackers to execute AJAX actions through forged requests if they can trick a site administrator into performing specific actions, such as clicking on a malicious link. This could potentially lead to unauthorized actions being performed with administrator privileges (NVD).

Users should update the Digital Publications by Supsystic plugin to a version newer than 1.7.6 to address this vulnerability (NVD).