Because of this vulnerability, the attackers can delete arbitrary users via a request containing a user name in the “Email” parameter and the API key in the “i4w_clearuser” parameter.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
imember360 | le | 3.9.001 |