
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-0745 is a security vulnerability affecting the Like Button Rating (likebtn-like-button) WordPress plugin in versions below 2.6.45. It was discovered by Krzysztof Zając and publicly disclosed on May 23, 2022. The plugin is used for adding like button functionality to WordPress websites (WPScan).
The vulnerability is classified as a Missing Authorization issue (CWE-862) and falls under the OWASP Top 10 category A5: Broken Access Control. It has been assigned a CVSS score of 4.3 (medium severity). The technical issue allows any authenticated user, including those with minimal privileges such as subscribers, to send arbitrary emails to any recipient with custom subject lines and body content (WPScan).
In practice, any logged-in user, even one with minimal privileges such as a subscriber, can abuse the plugin's email notification system to send unauthorized emails from the WordPress site to any recipient. This could be exploited for spam campaigns or social engineering attacks (WPScan).
The vulnerability has been fixed in version 2.6.45 of the Like Button Rating plugin. Site administrators are strongly advised to update to this version or later to mitigate the security risk (WPScan).
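To confirm whether a given site still needs the update, the following added example (not code from WPScan or from the plugin) reads the installed plugin's header and compares it with the fixed version. It assumes the standard `wp-content/plugins/<slug>/` layout; the sample file name and header written by `make_sample` are constructed for the demo.

```python
import re
from pathlib import Path

SLUG = "likebtn-like-button"  # plugin slug, from the advisory
FIXED = (2, 6, 45)            # first fixed version, from the advisory
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.M | re.I)

def parse_version(text):
    """'2.6.44' -> (2, 6, 44); missing components compare as 0."""
    parts = [int(p) for p in text.split(".") if p]
    return tuple(parts + [0] * (3 - len(parts)))

def installed_version(plugins_dir):
    """Version tuple from the plugin's header comment, or None if unreadable."""
    for php in sorted((Path(plugins_dir) / SLUG).glob("*.php")):
        # WordPress reads plugin headers from the first 8 KiB of the file.
        head = php.read_bytes()[:8192].decode("utf-8", "replace")
        match = VERSION_RE.search(head)
        if "Plugin Name:" in head and match:
            return parse_version(match.group(1))
    return None

def status(plugins_dir):
    """Classify one wp-content/plugins directory against CVE-2022-0745."""
    if not (Path(plugins_dir) / SLUG).is_dir():
        return "not-installed"
    version = installed_version(plugins_dir)
    if version is None:
        return "unknown"  # directory present but no parsable header: check by hand
    return "vulnerable" if version < FIXED else "patched"

def make_sample(plugins_dir, version):
    """Write a constructed plugin header (file name is made up) for the demo."""
    plugin_dir = Path(plugins_dir) / SLUG
    plugin_dir.mkdir(parents=True, exist_ok=True)
    header = f"<?php\n/*\nPlugin Name: Sample Header\nVersion: {version}\n*/\n"
    (plugin_dir / "sample-main.php").write_text(header)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        for v in ("2.6.44", "2.6.45"):
            make_sample(root, v)
            print(v, "->", status(root))
```

Point `status()` at each site's real plugins directory; an `unknown` result means the plugin directory exists but its version could not be read and should be checked manually.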
Source: This report was generated using AI