CVE-2022-47149: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Pretty Links WordPress plugin affecting versions 3.4.0 and below. The vulnerability was reported on December 10, 2022, and was publicly disclosed on April 13, 2023. The issue was assigned CVE-2022-47149 and has been fixed in version 3.4.1 (Patchstack).

The vulnerability stems from the absence of CSRF protection mechanisms when clearing Link Visits statistics in the Pretty Links plugin. The severity of this vulnerability has been assessed with different CVSS scores: NIST assigned a high severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as medium severity with a score of 4.3. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (WPScan, NVD).

The vulnerability could allow attackers to force authenticated administrators to perform unwanted actions related to clearing Link Visits statistics without their consent. This could potentially lead to loss of statistical data and unauthorized administrative actions (Patchstack).

The vulnerability has been patched in Pretty Links version 3.4.1. Users are advised to update to this version or later to resolve the security issue. The fix is considered a low-priority update due to the relatively low severity impact (Patchstack).