CVE-2023-6279: 
WordPress vulnerability analysis and mitigation

The Woostify Sites Library WordPress plugin before version 1.4.8 contains a security vulnerability identified as CVE-2023-6279. The vulnerability was discovered by Krzysztof Zając from CERT PL and was publicly disclosed on January 5, 2024. This security issue affects the WordPress plugin's AJAX functionality and impacts systems running versions prior to 1.4.8 (WPScan).

The vulnerability is classified as a Missing Authorization (CWE-862) issue with a CVSS v3.1 base score of 7.1 (HIGH). The technical nature of the vulnerability involves an AJAX action that lacks proper authorization controls. The vulnerability vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H, indicating network accessibility, low attack complexity, and requiring low privileges (NVD).

The vulnerability allows any authenticated user, including those with minimal privileges such as subscribers, to update arbitrary blog options and set them to 'activated'. This capability could potentially lead to a Denial of Service (DoS) condition when specific option names are targeted (WPScan).

The vulnerability has been fixed in version 1.4.8 of the Woostify Sites Library plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).