CVE-2022-45804: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin versions 3.2.9 and below. The vulnerability was disclosed on February 2, 2023, and was assigned CVE-2022-45804. This security issue affects the plugin's functionality related to galleries hierarchy changes, including plugin deactivation and activation capabilities (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) with a CVSS v3.1 Base Score of 5.4 (Medium). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) but user interaction (UI:R). The scope is unchanged (S:U) with low impacts on integrity (I:L) and availability (A:L), and no impact on confidentiality (C:N) (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. This includes the ability to modify gallery hierarchies and control plugin activation states (Patchstack).

The vulnerability has been fixed in version 3.2.11 of the plugin. Users are advised to update to this version or later to remove the vulnerability. The security issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).