History: Sep 11, 2023 - 7:46 p.m.

CVE-2023-4307 Lock User Account <= 1.0.3 - Arbitrary Account Lock/Unlock via CSRF

2023-09-11 19:46:04
WPScan
www.cve.org
cve-2023-4307
lock user account
arbitrary account lock/unlock
csrf
wordpress
vulnerability

AI Score: 5 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 17.1%)

The Lock User Account WordPress plugin through 1.0.3 does not have a CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged-in admins lock and unlock arbitrary users via a CSRF attack.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Lock User Account",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.0.3"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
