CVE-2023-7125: 
WordPress vulnerability analysis and mitigation

The Community by PeepSo WordPress plugin before version 6.3.1.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that affects the user post creation functionality. The vulnerability was discovered by Bikram Kharal and was publicly disclosed on January 9, 2024, with the identifier CVE-2023-7125. This security issue affects the core functionality of the PeepSo plugin, specifically the user post creation feature visible on profile page walls (WPScan).

The vulnerability stems from the absence of CSRF protection mechanisms when creating user posts in the profile page. The security issue has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

When exploited, this vulnerability allows attackers to trick logged-in users into creating unauthorized posts on their profile walls through CSRF attacks. The impact is limited to post creation functionality, potentially leading to unwanted content appearing on users' profile pages (WPScan).

The vulnerability has been patched in version 6.3.1.2 of the Community by PeepSo WordPress plugin. Users are strongly advised to update to this version or later to protect against potential CSRF attacks (WPScan).