CVE-2020-22761: 
FlatPress vulnerability analysis and mitigation

Cross Site Request Forgery (CSRF) vulnerability was discovered in FlatPress version 1.1, specifically affecting the DeleteFile function in flat/admin.php. The vulnerability was disclosed in 2020 and assigned identifier CVE-2020-22761 (NVD).

The vulnerability exists because the DeleteFile function is implemented using an unauthenticated GET method without proper CSRF protection tokens. The affected component is located in fp-plugins\mediamanager\tpls\admin.plugin.mediamanager.files.tpl. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 HIGH with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

Due to the lack of anti-CSRF tokens, an attacker can potentially execute unauthorized file deletion operations by tricking authenticated users into clicking malicious links or visiting compromised websites. This could lead to deletion of arbitrary files on the system (GitHub Issue).

The vulnerability was reported in FlatPress version 1.1. Users should upgrade to a patched version if available. Additionally, implementing proper CSRF protection tokens for all state-changing operations is recommended as a general security measure (GitHub Issue).