CVE-2022-47178: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Simple Share Buttons Adder WordPress plugin versions 8.4.7 and below. The vulnerability was discovered on December 10, 2022, and publicly disclosed on April 19, 2023. This security issue affects the plugin's functionality by lacking proper CSRF checks in certain areas (Patchstack, WPScan).

The vulnerability is tracked as CVE-2022-47178 and has been assigned a CVSS v3.1 base score of 8.8 (HIGH) by NIST NVD, while Patchstack rates it at 4.3 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and falls under the OWASP Top 10 category A2: Broken Authentication and Session Management (NVD, Patchstack).

The vulnerability could allow attackers to make logged-in users perform unwanted actions through CSRF attacks. This security issue has been assessed as having a low severity impact, though it enables malicious actors to force higher privileged users to execute unintended actions under their current authentication (WPScan, Patchstack).

The vulnerability was addressed in version 8.5.1 of the Simple Share Buttons Adder plugin. Users are advised to update their plugin to the fixed version to mitigate this security issue (WPScan).