CVE-2022-1570: 
WordPress vulnerability analysis and mitigation

The Files Download Delay WordPress plugin before version 1.0.7 contains a security vulnerability identified as CVE-2022-1570. The vulnerability was discovered by Daniel Ruf and publicly disclosed on May 13, 2022. This security issue affects the plugin's settings reset functionality, potentially impacting WordPress installations using the affected versions (WPScan).

The vulnerability stems from missing authorization and CSRF (Cross-Site Request Forgery) checks in the plugin's settings reset functionality. The issue has been assigned a CVSS score of 5.4 (medium severity) and is classified under CWE-862 (Missing Authorization). The vulnerability falls under the OWASP Top 10 category A5: Broken Access Control (WPScan).

When exploited, this vulnerability allows any authenticated user, including those with minimal privileges such as subscribers, to reset the plugin's settings to their default values. This could potentially disrupt the plugin's configuration and affect the website's functionality (WPScan).

The vulnerability has been fixed in version 1.0.7 of the Files Download Delay plugin. Website administrators are advised to update to this version or later to mitigate the security risk (WPScan).