CVE-2022-43488: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Advanced Dynamic Pricing for WooCommerce plugin versions 4.1.5 and earlier for WordPress. The vulnerability was identified on October 30, 2022, and was assigned CVE-2022-43488. This security issue affects the rule type migration functionality in the plugin (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CWE-352. According to the National Vulnerability Database, it received a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. Patchstack assigned a slightly higher CVSS score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. This specifically affects the rule type migration functionality within the plugin (Patchstack).

The vulnerability was patched in version 4.1.6 of the Advanced Dynamic Pricing for WooCommerce plugin. Users are advised to update to version 4.1.6 or later to remove the vulnerability (Patchstack).