CVE-2022-1779: 
WordPress vulnerability analysis and mitigation

The Auto Delete Posts WordPress plugin through version 1.3.0 contains a Cross-Site Request Forgery (CSRF) vulnerability identified as CVE-2022-1779. The vulnerability was discovered by Daniel Ruf and publicly disclosed on May 23, 2022. This security flaw affects the plugin's settings update functionality, potentially impacting WordPress installations using the affected versions (WPScan).

The vulnerability stems from the absence of CSRF protection mechanisms in the plugin's settings update functionality. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 base score of 8.1 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H). The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

If exploited, this vulnerability could allow attackers to manipulate plugin settings through a CSRF attack, potentially leading to unauthorized deletion of specific posts, categories, and attachments when a logged-in administrator visits a malicious page (WPScan).

As of the latest reports, there is no known fix available for this vulnerability. Website administrators using the Auto Delete Posts plugin version 1.3.0 or earlier should consider either removing the plugin or implementing additional security measures to protect against CSRF attacks (WPScan).