CVE-2022-45079: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in Softaculous Loginizer WordPress plugin versions 1.7.5 and below. The vulnerability was reported on November 14, 2022, and was assigned CVE-2022-45079. The issue was publicly disclosed on December 5, 2022, by Patchstack (Patchstack Database).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue with a CVSS v3.1 base score of 4.3 (Medium) according to Patchstack, while NVD rates it at 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires no authentication to exploit and was identified as CWE-352 (Cross-Site Request Forgery) (NVD Database).

This vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The specific impact varies case by case, but it potentially enables attackers to perform actions on behalf of authenticated users without their consent (Patchstack Database).

The vulnerability was fixed in version 1.7.6 of the Loginizer plugin. Users are advised to update to version 1.7.6 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack Database).