Lucene search
WPScanCVELIST:CVE-2022-1625HistoryJun 27, 2022 - 8:57 a.m.
CVE-2022-1625 New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF
2022-06-2708:57:11
CWE-352
WPScan
www.cve.org
1
new user approve
csrf
settings update
invitation code creation
wordpress
plugin
admin users
bypassing restrictions
The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.
CNA Affected
[
{
"product": "New User Approve",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4",
"status": "affected",
"version": "2.4",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
WordPress New User Approve pluginθ·¨η«θ―·ζ±δΌͺι ζΌζ΄
2022-06-30 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-06-27 09:15:00
cve
cve
CVE-2022-1625
2022-06-27 09:15:09
nvd
nvd
CVE-2022-1625
2022-06-27 09:15:09
wpvulndb
wpvulndb
patchstack
patchstack
wpexploit
wpexploit