CVE-2023-6625: 
WordPress vulnerability analysis and mitigation

The Product Enquiry for WooCommerce WordPress plugin before version 3.1 contains a Cross-Site Request Forgery (CSRF) vulnerability. The vulnerability was discovered in December 2023 and was assigned CVE-2023-6625. This security issue affects the plugin's inquiry deletion functionality, which lacks proper CSRF protection (WPScan, NVD).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CWE-352. It has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The technical issue stems from the absence of CSRF protection mechanisms in the inquiry deletion functionality of the plugin (NVD).

When exploited, this vulnerability allows attackers to trick authenticated administrators into deleting inquiries without their knowledge or consent through a CSRF attack. The impact is limited to the unauthorized deletion of inquiry data within the plugin's functionality (WPScan).

The vulnerability has been patched in version 3.1 of the Product Enquiry for WooCommerce plugin. Users are strongly advised to update to this version or later to protect against potential CSRF attacks (WPScan).