CVE-2022-36296: 
WordPress vulnerability analysis and mitigation

A Broken Authentication vulnerability was discovered in JumpDEMAND Inc.'s ActiveDEMAND WordPress plugin versions 0.2.27 and earlier. The vulnerability was identified on August 2, 2022, and assigned CVE-2022-36296. This security flaw allows unauthenticated users to perform unauthorized post update, create, and delete operations (Patchstack Database).

The vulnerability is classified as CWE-287 (Improper Authentication) and received a CVSS v3.1 base score of 6.5 (Medium) from Patchstack with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. The NVD assigned a slightly lower CVSS score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (NVD).

The vulnerability allows unauthorized users to perform post management operations including creation, updating, and deletion of content, potentially compromising the integrity of the WordPress website's content (Patchstack Database).

Users are advised to update to ActiveDEMAND plugin version 0.2.28 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to a fixed version (Patchstack Database).