CVE-2023-6638: 
WordPress vulnerability analysis and mitigation

The GTG Product Feed for Shopping plugin for WordPress (versions up to and including 1.2.4) contains a vulnerability identified as CVE-2023-6638. The vulnerability stems from a missing capability check on the 'update_settings' function, which allows unauthenticated attackers to modify plugin settings (NVD).

The vulnerability is characterized by a missing authorization check in the plugin's admin functionality. It has received a CVSS v3.1 base score of 5.3 (Medium) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, while Wordfence assessed it at 6.5 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD).

The vulnerability allows unauthenticated attackers to modify plugin settings, potentially leading to unauthorized changes in the plugin's configuration. This could affect the integrity of the plugin's functionality and potentially impact the security of the WordPress installation (NVD).

Users should update to a version newer than 1.2.4 of the GTG Product Feed for Shopping plugin to address this vulnerability (NVD).