CVE-2022-43482: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the WordPress Appointment Booking Calendar plugin versions 1.3.69 and below. The vulnerability was identified on October 30, 2022, and was assigned CVE-2022-43482. The issue affects the feedback submission functionality of the plugin (Patchstack).

The vulnerability is classified as a Missing Authorization issue (CWE-862) that allows for feedback submission via Cross-Site Request Forgery (CSRF). The vulnerability received a CVSS v3.1 base score of 8.8 (HIGH) according to NIST's assessment, while Patchstack assigned it a score of 4.3 (MEDIUM). The technical nature of the vulnerability involves the absence of proper CSRF checks when submitting feedback, potentially allowing attackers to make logged-in users perform actions on their behalf (WPScan, NVD).

The vulnerability could allow attackers to execute unauthorized actions through CSRF attacks, specifically targeting the feedback submission functionality. The impact is considered more severe by NIST's assessment due to potential unauthorized access and control implications (NVD).

The vulnerability was fixed in version 1.3.70 of the Appointment Booking Calendar plugin. Users are advised to update to version 1.3.70 or later to remediate the security issue. The fix primarily addresses the missing authorization controls in the feedback submission functionality (Patchstack).