This vulnerability is a CSRF issue in the MyThemeShop Schema Lite WordPress plugin, affecting versions through 1.2.2. It allows attackers to perform unauthorized actions by exploiting the trust a web application has in the user's browser. The CVSS 3.1 base score is 4.3, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality impact, low integrity impact, and no availability impact. No patch or official remediation level has been disclosed as of the publication date.

The impact is limited to low integrity loss without affecting confidentiality or availability. An attacker could potentially cause unauthorized changes via CSRF if a user with sufficient privileges is tricked into executing a malicious request. There are no known active exploits in the wild, reducing immediate risk.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider implementing CSRF protections such as verifying nonces or tokens in requests if possible. Monitoring official MyThemeShop channels for updates is recommended.