CVE-2023-6391: 
WordPress vulnerability analysis and mitigation

The Custom User CSS WordPress plugin through version 0.2 contains a Cross-Site Request Forgery (CSRF) vulnerability. The vulnerability was discovered on December 8, 2022, and was publicly disclosed on January 3, 2024. This security issue affects the plugin's settings update functionality, potentially impacting WordPress installations using the Custom User CSS plugin version 0.2 or earlier (WPScan Advisory, NVD Database).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) with a CVSS v3.1 base score of 8.8 (HIGH), and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The core issue stems from the absence of CSRF protection mechanisms in the plugin's settings update functionality (NVD Database).

If successfully exploited, this vulnerability could allow attackers to modify the plugin's settings through a CSRF attack when an administrator is logged in. The high CVSS score indicates potential severe impacts on the confidentiality, integrity, and availability of the affected system (WPScan Advisory).

Currently, there is no known fix available for this vulnerability. Users of the Custom User CSS plugin should consider either removing the plugin or implementing additional security measures to protect against CSRF attacks (WPScan Advisory).