
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
The illi Link Party! WordPress plugin through version 1.0 contains a security vulnerability identified as CVE-2023-7231. The vulnerability was discovered by Bob Matyas and publicly disclosed on January 23, 2024. This security flaw affects the link-party plugin and stems from improper access control implementation (WPScan).
The vulnerability is classified as an Access Control issue (CWE-284) with a CVSS score of 7.3 (HIGH) according to CISA-ADP assessment. The technical nature of the vulnerability involves a lack of proper access controls in the plugin's functionality, specifically in the link deletion feature. The vulnerability can be exploited through a specific URL endpoint that handles link deletion functions (WPScan, NIST).
The vulnerability allows unauthenticated visitors to delete links from the WordPress site; no login or authorization check stands in the way. This can lead to unauthorized content manipulation and potential disruption of site functionality (WPScan).
Currently, there is no known fix available for this vulnerability. Users of the illi Link Party! plugin should consider either removing the plugin or implementing additional security controls at the web application level to prevent unauthorized access to the link deletion functionality (WPScan).
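The access-control checks whose absence this entry describes, shown as an added example on a hypothetical WordPress delete handler. This is not the illi Link Party! source code and not a vendor patch; the action name, nonce name, field name, table name and helper function are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical handler, NOT code from the link-party plugin.
// Every "example_*" name below is an assumption.

// Register on the authenticated hook only. Also registering the callback on
// admin_post_nopriv_{action} would make it reachable by logged-out visitors.
add_action( 'admin_post_example_delete_link', 'example_handle_delete_link' );

function example_handle_delete_link() {
    // 1. Authorization: the caller must hold a capability that permits deletion.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to delete links.', '', array( 'response' => 403 ) );
    }

    // 2. Intent: a nonce bound to this action; check_admin_referer() dies on
    //    failure, so a forged cross-site request cannot trigger the deletion.
    check_admin_referer( 'example_delete_link', 'example_nonce' );

    // 3. State-changing requests are accepted via POST only.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed.', '', array( 'response' => 405 ) );
    }

    // 4. Input validation: the identifier must be a positive integer.
    $link_id = isset( $_POST['link_id'] ) ? absint( $_POST['link_id'] ) : 0;
    if ( 0 === $link_id ) {
        wp_die( 'Invalid link id.', '', array( 'response' => 400 ) );
    }

    example_delete_link_row( $link_id );

    wp_safe_redirect( admin_url( 'admin.php?page=example-links' ) );
    exit;
}

// Hypothetical storage helper: deletes one row with a typed WHERE clause.
function example_delete_link_row( $link_id ) {
    global $wpdb;
    return $wpdb->delete(
        $wpdb->prefix . 'example_links', // assumed table name
        array( 'id' => $link_id ),
        array( '%d' )
    );
}
```

When reviewing any plugin's delete path, confirm that both the capability check and the nonce check run before the database call; either one alone leaves the action open to logged-out visitors or to cross-site request forgery.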
Source: This report was generated using AI