The New User Approve WordPress plugin lacks CSRF check, allowing attackers to add unauthorized invitation codes and change plugin settings by tricking admin user
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
CVE | CVE-2022-1625 | 27 Jun 202209:15 | β | cve |
CNVD | WordPress New User Approve pluginθ·¨η«θ―·ζ±δΌͺι ζΌζ΄ | 30 Jun 202200:00 | β | cnvd |
Prion | Cross site request forgery (csrf) | 27 Jun 202209:15 | β | prion |
Cvelist | CVE-2022-1625 New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF | 27 Jun 202208:57 | β | cvelist |
Patchstack | WordPress New User Approve plugin <= 2.3 - Arbitrary Settings Update & Invitation Code Creation via CSRF vulnerability | 1 Jun 202200:00 | β | patchstack |
WPVulnDB | New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF | 1 Jun 202200:00 | β | wpvulndb |
wpexploit | New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF | 1 Jun 202200:00 | β | wpexploit |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo