CVE-2022-46814: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in Pierre Lebedel Kodex Posts likes WordPress plugin versions 2.4.3 and below. The vulnerability was reported on December 8, 2022, and was assigned CVE-2022-46814 (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CWE-352. According to the National Vulnerability Database, it received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, though Patchstack assessed it with a lower CVSS score of 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

This vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The specific impact varies case by case, but it affects the security of WordPress installations using the vulnerable plugin versions (Patchstack).

The vulnerability has been fixed in version 2.5.0 of the Kodex Posts likes plugin. Users are advised to update to version 2.5.0 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).