CVE-2022-38085: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the WordPress plugin 'Read more By Adam' versions 1.1.8 and below. The vulnerability was discovered and reported by Patchstack, with the CVE identifier CVE-2022-38085 being assigned on September 8, 2022 (MITRE CVE).

The vulnerability has been assessed with varying CVSS v3.1 scores. The National Vulnerability Database (NVD) assigned a HIGH severity base score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as MEDIUM severity with a base score of 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L). The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The CSRF vulnerability could allow attackers to perform unauthorized actions on behalf of authenticated users when they visit a maliciously crafted webpage. Based on the CVSS scores, the potential impact ranges from low to high, affecting the confidentiality, integrity, and availability of the system (NVD).

As of October 10, 2024, the plugin has been closed and is no longer available for download due to security issues. Users are advised to remove the plugin from their WordPress installations (WordPress Plugin).