CVE-2024-53723: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WordPress plugin Google Plus Share and +1 Button through version 1.0. The vulnerability was discovered by researcher SOPROBRO and was publicly disclosed on November 22, 2024. This security issue has been assigned CVE-2024-53723 and affects all versions of the plugin up to and including version 1.0 (Patchstack).

The vulnerability has been assessed with a CVSS v3.1 Base Score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The security issue is classified under CWE-352 (Cross-Site Request Forgery) and can potentially lead to stored Cross-Site Scripting (XSS) attacks (NVD, Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The CSRF vulnerability combined with stored XSS capabilities increases the potential impact on affected WordPress installations (Patchstack).

Currently, there is no official fix available for this vulnerability. The security issue has been classified as having a low priority for virtual patching, suggesting that while the vulnerability exists, the likelihood of exploitation is considered low (Patchstack).