3 matches found
CVE-2022-0328 Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF
The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack...
WordPress Simple Membership plugin <= 4.0.8 - Arbitrary Member Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Member Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Krzysztof Zając in WordPress Simple Membership plugin versions = 4.0.8. Solution Update the WordPress Simple Membership plugin to the latest available version at least 4.0.9...
Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF
The plugin does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=simplewpmembership=bulkdelete%5B0%5D=1%5B1%5D=2...