CVE-2022-47159: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Logaster Logo Generator WordPress plugin versions 1.3 and below. The vulnerability was identified on December 14, 2022, and publicly disclosed on January 4, 2023. This security issue affects the plugin's upload_logo_callback and delete_logo_callback functions (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and has received varying CVSS scores from different sources. The National Vulnerability Database (NVD) assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it at 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD, Patchstack).

The vulnerability allows an unauthenticated attacker to trick a logged-in administrator into deleting or uploading arbitrary media files on their behalf by submitting a crafted request. This security issue has been categorized under the OWASP Top 10 as A5: Broken Access Control (WPScan).

As of the latest reports, there is no official fix available for this vulnerability. The issue affects all versions up to and including version 1.3 of the Logaster Logo Generator plugin. Patchstack has classified this as a low-priority issue that does not require virtual patching (Patchstack).