CVE-2022-35238: 
WordPress vulnerability analysis and mitigation

CVE-2022-35238 is a security vulnerability affecting the Awesome Filterable Portfolio WordPress plugin versions 1.9.7 and below. The vulnerability was discovered and reported by Patchstack on September 14, 2022. It is classified as an Unauthenticated Plugin Settings Change vulnerability, which means unauthorized users could potentially modify plugin settings without authentication (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. Patchstack assessed it with a slightly higher CVSS score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. The vulnerability is categorized under CWE-264 (Permissions, Privileges, and Access Controls) (NVD).

The vulnerability allows unauthorized users to modify plugin settings, which could potentially lead to changes in the website's portfolio display and functionality. The CVSS scores indicate that while there is no direct impact on confidentiality, there are potential impacts on integrity and, according to Patchstack's assessment, availability of the system (NVD).

As of September 14, 2022, the plugin has been closed and is no longer available for download from the WordPress plugin repository due to security issues. Users are advised to remove this plugin from their WordPress installations (WordPress Plugin).