CVE-2022-36292: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerabilities were discovered in WPChill Gallery PhotoBlocks WordPress plugin versions up to and including 1.2.8. The vulnerability was identified on August 10, 2022, and assigned CVE-2022-36292. The issue affects the plugin's functionality due to missing nonce validation on the init() function (Patchstack).

The vulnerability stems from insufficient CSRF protections, specifically the lack of nonce validation in the init() function. The CVSS v3.1 base score is 5.4 (Medium) according to the vendor assessment, while NVD rates it at 8.8 (High) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow unauthenticated attackers to force higher privileged users to execute unwanted actions under their current authentication. Specifically, attackers could potentially delete or copy photo galleries via forged requests if they can trick a site administrator into performing certain actions, such as clicking on a malicious link (Patchstack).

The vulnerability was fixed in version 1.2.9 of the Gallery PhotoBlocks plugin. Users are advised to update to this version or later to remove the vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).