CVE-2023-46196: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the WordPress plugin 'Social proof testimonials and reviews by Repuso' versions 4.97 and below. The vulnerability was reported on June 12, 2023, and publicly disclosed on October 18, 2023. This security issue was assigned CVE-2023-46196 and received a CVSS score of 4.3, indicating medium severity (Patchstack).

The vulnerability is classified as a Broken Access Control issue, which stems from missing authorization, authentication, or nonce token checks in certain functions. This security flaw could potentially allow unprivileged users to execute actions typically reserved for users with higher privileges. The vulnerability affects all versions of the plugin up to and including version 4.97 (Patchstack).

The vulnerability is considered moderately dangerous and is expected to become exploited. As a Broken Access Control issue, it could potentially allow unauthorized users to perform privileged actions within the WordPress installation running the affected plugin (Patchstack).

The vulnerability has been fixed in version 5.00 of the plugin. Users are advised to update to version 5.00 or later to resolve the security issue. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).