6 matches found
CVE-2022-4024
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts...
WordPress Pie Register Plugin < 3.8.1.3 is vulnerable to Arbitrary Content Deletion
Software Pie Register Type Plugin Vulnerable versions 3.8.1.3 Fixed in 3.8.1.3 OWASP Top 10 A1: Injection Classification Arbitrary Content Deletion CVE CVE-2022-4024 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 837f46e8cf1c Credits cydave Required privilege...
CVE-2022-4024
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts...
CVE-2022-4024
The CVE-2022-4024 issue affects the Registration Forms WordPress plugin prior to version 3.8.1.3. It allows unauthenticated attackers to delete arbitrary users (and their posts) via an init action handler due to missing authorization checks and CSRF protection. The vulnerability is evidenced acro...
CVE-2022-4024 Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts...
CVE-2022-4024 Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts...