CVE-2022-1625
The CVE-2022-1625 entry concerns the WordPress plugin New User Approve (versions prior to 2.4). The root cause is missing CSRF protection when updating plugin settings and when creating invitation codes, enabling an attacker to inject or modify data by luring an admin to a crafted page. Impact st...