CVE-2024-11197

The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, t...

WordPress plugin Lock User Account 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Lock User Account plugin <= 1.0.5 - User Lock Bypass vulnerability

User Lock Bypass vulnerability discovered by Francesco Carlucci in WordPress Plugin Lock User Account versions = 1.0.5...

WordPress Lock User Account Plugin <= 1.0.5 is vulnerable to Broken Authentication

Software Lock User Account Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-11197 Patch priority Low CVSS severity Low 4.2 Developer Claim ownership PSID 83b2ce1638c9 Credits Francesc...

CVE-2023-4307

The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack...

CVE-2023-4307

The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack...

Cross site request forgery (csrf)

The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack...

CVE-2023-4307 Lock User Account <= 1.0.3 - Arbitrary Account Lock/Unlock via CSRF

The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack...

CVE-2023-4307 Lock User Account <= 1.0.3 - Arbitrary Account Lock/Unlock via CSRF

The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack...

CVE-2023-4307

CVE-2023-4307 affects the WordPress plugin Lock User Account (versions

PT-2023-28679 · WordPress · Lock User Account

Name of the Vulnerable Software and Affected Versions: Lock User Account WordPress plugin versions 1.0.3 and earlier Description: The issue concerns a lack of CSRF check in the Lock User Account WordPress plugin when performing bulk locking and unlocking of accounts. This could allow attackers to...

WordPress plugin Lock User Account Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress Lock User Account Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Lock User Account Type Plugin Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4307 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b3c98ff9b7d7 Credits Dmitrii Ignatyev...