CVE-2022-45080: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the KrishaWeb Add Multiple Marker WordPress plugin versions 1.2 and below. The vulnerability was discovered and disclosed on November 11, 2022, and was assigned the identifier CVE-2022-45080 (Patchstack).

The vulnerability has received varying severity assessments. The National Vulnerability Database (NVD) assigned it a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it with a CVSS score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The software is considered abandoned as it hasn't been updated for over a year, increasing the security risk for users (Patchstack).

No official fix is available for this vulnerability. The recommended solution is to remove and replace the software with an alternative, as the plugin is considered abandoned and unlikely to receive further updates or security fixes (Patchstack).