CVE-2023-46644: 
WordPress vulnerability analysis and mitigation

CVE-2023-46644 is a Missing Authorization vulnerability affecting WordPress CTA (Call to Action) plugin through version 1.5.8. The vulnerability was discovered by Abdi Pranata and was publicly disclosed on October 25, 2023. This security issue involves broken access control in the WordPress CTA plugin, which allows exploiting incorrectly configured access control security levels (Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. The issue is classified under CWE-862 (Missing Authorization) and requires no authentication to exploit. The vulnerability specifically relates to broken access control issues where authorization, authentication, or nonce token checks are missing in functions that could allow unprivileged users to execute higher privileged actions (Patchstack).

The vulnerability is considered moderately dangerous and is expected to become exploited. It allows unprivileged users to perform actions that should be restricted to users with higher privileges. The impact primarily affects the integrity and availability of the system, as indicated by the CVSS metrics showing low impact on both these aspects (Patchstack).

The vulnerability has been fixed in version 1.5.9 of the WordPress CTA plugin. Users are advised to update to version 1.5.9 or later to remove the vulnerability. For users of Patchstack, a virtual patch has been issued to mitigate this issue by blocking any attacks until the update to a fixed version can be completed (Patchstack).