CVE-2022-47142: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Plugincraft Mediamatic – Media Library Folders WordPress plugin versions 2.8.1 and below. The vulnerability was assigned CVE-2022-47142 and was disclosed on December 12, 2022 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. However, Patchstack assessed it with a lower CVSS score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified as CWE-352: Cross-Site Request Forgery (NVD).

This vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The attack requires user interaction and can potentially lead to unauthorized actions being performed on behalf of authenticated users (Patchstack).

As of the vulnerability disclosure, no official fix has been made available for this security issue. Users of the affected plugin versions (2.8.1 and below) should consider implementing general CSRF protection measures or consider alternative solutions (Patchstack).