CVE-2023-6751: 
WordPress vulnerability analysis and mitigation

The Hostinger plugin for WordPress (CVE-2023-6751) was discovered to contain a vulnerability related to unauthorized plugin settings updates. The issue was first publicly disclosed on January 5, 2024, affecting all versions up to and including 1.9.7. The vulnerability stems from a missing capability check on the function publish_website, which could allow unauthorized access to maintenance mode settings (NVD, Wordfence Intel).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) by NIST and 7.3 (HIGH) by Wordfence. The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L according to NIST's assessment, indicating that it is network-accessible, requires low attack complexity, and needs no privileges or user interaction. The weakness is categorized as CWE-862 (Missing Authorization) (NVD).

The vulnerability allows unauthenticated attackers to enable and disable the maintenance mode of WordPress sites running the affected Hostinger plugin. This could potentially disrupt site availability and allow unauthorized control over site maintenance states (NVD).

A patch has been released to address this vulnerability. Users are advised to update their Hostinger WordPress plugin to a version newer than 1.9.7 (WordPress Patch).