CVE-2022-38059: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Alexey Trofimov's Access Code Feeder WordPress plugin versions 1.0.3 and below. The vulnerability was assigned CVE-2022-38059 and was initially recorded on August 9, 2022. The plugin was subsequently closed on August 24, 2022, due to security issues (WordPress Plugin, NVD).

The vulnerability has been assessed with varying CVSS v3.1 scores. The National Vulnerability Database (NVD) assigned a High severity base score of 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as Medium severity with a base score of 5.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L). The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The CSRF vulnerability could potentially allow attackers to execute unauthorized actions on behalf of authenticated users. Based on the CVSS scores, the impact could range from low to high levels of compromise in confidentiality, integrity, and availability of the affected systems (NVD).

The plugin has been closed and is no longer available for download from the WordPress plugin repository as of August 24, 2022. Users are advised to remove the plugin from their WordPress installations (WordPress Plugin).