CVE-2023-45101: 
WordPress vulnerability analysis and mitigation

CVE-2023-45101 is a Missing Authorization vulnerability affecting the CusRev Customer Reviews for WooCommerce WordPress plugin through version 5.36.0. The vulnerability was discovered by Abdi Pranata and was publicly disclosed on October 6, 2023. The issue specifically impacts the plugin's reviews exporter functionality (Patchstack, NVD).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received a CVSS v3.1 base score of 4.3 (MEDIUM). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, and requiring low privileges. The security issue stems from missing capability checks on the checkprogress and cancelexport functions, which could allow unauthorized access to data and modification capabilities (NVD, WPScan).

The vulnerability allows authenticated attackers with subscriber-level access or higher to check the progress of or cancel reviews exports without proper authorization. This represents a broken access control issue that could lead to unauthorized access to data and potential modification of export functionalities (Patchstack).

The vulnerability has been fixed in version 5.36.1 of the Customer Reviews for WooCommerce plugin. Users are advised to update to this version or later to remediate the security issue. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).