Multiple CSRF affected this plugin in versions <= 1.1.3.3, all of them have been patched in plugin version 1.1.4. These CSRF issues were registered under multiple CVE IDs (CVE-2023-4935, CVE-2023-4926, CVE-2023-4942, CVE-2023-4923, CVE-2023-4920, CVE-2023-4935, CVE-2023-4937, CVE-2023-4940).
While this vulnerability can be initiated by the role shown in "Required Privilege", successful exploitation requires a privileged user to perform an action — such as clicking a malicious link, visiting a crafted page, or submitting a form.
This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication.
CVSS score is a way to evaluate and rank reported vulnerabilities in a standardized and repeatable way but which is not ideal for WordPress.
This security issue has a low severity impact and is unlikely to be exploited.
Update to version 1.1.4 or later to resolve the vulnerability. Patchstack users can turn on auto-update for vulnerable plugins only.