CVE-2022-3208: 
WordPress vulnerability analysis and mitigation

CVE-2022-3208 affects the Simple File List WordPress plugin versions before 4.4.12. The vulnerability was discovered by Raad Haddad of Cloudyrion GmbH and was publicly disclosed on September 19, 2022. This security issue stems from the plugin's failure to implement proper nonce checks in its functionality (WPScan).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CWE-352. The CVSS v3.1 base score is 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, indicating a network-accessible vulnerability with low attack complexity, requiring user interaction but no privileges, and potentially resulting in high impact to integrity (NVD).

The vulnerability allows attackers to exploit the lack of nonce checks to make a logged-in administrator create new pages and modify their content without their knowledge or consent. This could lead to unauthorized page creation and content manipulation on affected WordPress sites (WPScan).

The vulnerability has been fixed in version 4.4.13 of the Simple File List WordPress plugin. Site administrators are advised to update to this version or later to mitigate the security risk (WPScan).