CVE-2022-45828: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the NooTheme Noo Timetable WordPress plugin versions 2.1.3 and below. The vulnerability was reported on November 29, 2022, and was published by Patchstack on June 27, 2023. This security issue affects the WordPress plugin's functionality and has been assigned CVE-2022-45828 (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery). According to the National Vulnerability Database, it received a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H from NIST. However, Patchstack assessed it with a lower CVSS score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

The vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The impact is considered to have a low severity and is unlikely to be exploited (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects versions up to and including 2.1.3 of the NOO Timetable plugin (Patchstack).