CVE-2022-34487: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2022-34487) affects the WordPress Shortcode Addons plugin versions 3.0.2 and below. It is an Unauthenticated Arbitrary Option Update vulnerability that was discovered and disclosed on June 30, 2022. The plugin, developed by biplob018, allows unauthorized users to modify plugin settings without authentication (Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium), with an Impact Score of 1.4 and Exploitability Score of 3.9. The attack vector is Network-based (AV:N), with Low attack complexity (AC:L), requiring No privileges (PR:N) and No user interaction (UI:N). The scope is Unchanged (S:U), with No impact on confidentiality (C:N), Low impact on integrity (I:L), and No impact on availability (A:N) (AttackerKB).

The vulnerability allows unauthenticated attackers to modify plugin settings, which could lead to unauthorized changes in the website's configuration. The integrity impact is rated as Low, indicating potential modification of some system files or information (Patchstack).

Users are advised to update to version 3.0.3 or later of the Shortcode Addons plugin, which contains the fix for this vulnerability. The plugin has since been closed as of May 31, 2024, due to security issues (WordPress).