CVE-2022-47422: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the HM Plugin Accept Stripe Donation – AidWP WordPress plugin versions 3.1.5 and earlier. The vulnerability was reported on December 15, 2022, and was publicly disclosed on February 20, 2023 (Patchstack Database).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CVE-2022-47422. It received a CVSS v3.1 base score of 8.8 (HIGH) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it with a CVSS score of 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is categorized under CWE-352 (Cross-Site Request Forgery) (NVD Database).

The vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The impact severity is considered low to medium, depending on the assessment source (Patchstack Database).

The vulnerability has been fixed in version 3.1.6 of the WordPress Stripe Donation plugin. Users are advised to update to version 3.1.6 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack Database).