CVE-2022-45823: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the GalleryPlugins Video Contest WordPress plugin versions 3.2 and below. The vulnerability was assigned CVE-2022-45823 and was publicly disclosed on May 25, 2023. The vulnerability affects the Video Contest WordPress plugin, which lacks adequate request verification through nonces (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) with a CVSS v3.1 base score of 4.3 (Medium) according to Patchstack, while NIST assigned it a score of 8.8 (High). The vulnerability vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, no privileges required, and user interaction required. The vulnerability is categorized under CWE-352 (Cross-Site Request Forgery) (NVD, WPScan).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact primarily affects the integrity of the system, with potential consequences for confidentiality and availability (Patchstack).

As of the latest reports, there is no official fix available for this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).