China National Vulnerability Database (cnvd): CNVD-2022-56561
Jun 30, 2022 - 12:00 a.m.

WordPress New User Approve plugin cross-site request forgery vulnerability

2022-06-30 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
wordpress
plugin
version
vulnerable
cross-site request forgery
csrf
settings
invitation code
admin user
exploit

EPSS: 0.001 (Percentile: 25.9%)

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. A WordPress plugin is an application plugin. Versions of the WordPress New User Approve plugin prior to 2.4 are vulnerable to cross-site request forgery because no CSRF check is performed when the plugin updates its settings and adds an invitation code. By tricking the admin user into visiting a specially crafted website, an attacker could exploit this vulnerability to add an invitation code (used to bypass the restrictions provided by the plugin) and change the plugin settings.
