CVE-2023-46605: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in the Convertful WordPress plugin (Your Ultimate On-Site Conversion Tool) affecting versions through 2.5. The vulnerability was discovered by researcher Kévin Mosbahi (Mika) and was assigned CVE-2023-46605 on October 24, 2023. The issue relates to incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 base score of 5.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed. The impact primarily affects integrity with low severity (Patchstack).

The broken access control vulnerability could allow an unprivileged user to execute certain higher privileged actions. The software has been marked as potentially abandoned, as it hasn't received updates for over a year, which increases the security risk for users continuing to use the vulnerable versions (Patchstack).

The vulnerability has been fixed in version 2.6 of the plugin. Users are advised to update to version 2.6 or later to remove the vulnerability. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).