CVE-2022-46866: 
WordPress vulnerability analysis and mitigation

The Cross-Site Request Forgery (CSRF) vulnerability, identified as CVE-2022-46866, affects the WordPress Import External Images plugin versions 1.4 and below. The vulnerability was discovered by researcher Cat on December 11, 2022, and was publicly disclosed on March 16, 2023 (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, categorized under CWE-352. It received varying CVSS severity scores, with the NVD assigning a HIGH severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack assessed it as MEDIUM severity with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The specific impact varies case by case, though it has been generally assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The issue affects versions 1.4 and below of the Import External Images plugin (Patchstack).