CVE-2022-3882

Name of the Vulnerable Software and Affected Versions Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin versions prior to 2.46

Description The issue concerns a lack of proper authorization and CSRF protection in an AJAX action. This allows any authenticated user, such as a subscriber, to install and activate arbitrary plugins from wordpress.org.

Recommendations For versions prior to 2.46, update to version 2.46 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action until the update is applied.