3 matches found
CVE-2023-4307 Lock User Account <= 1.0.3 - Arbitrary Account Lock/Unlock via CSRF
The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack...
CVE-2023-4307
CVE-2023-4307 affects the WordPress plugin Lock User Account (versions
WordPress Lock User Account Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Lock User Account Type Plugin Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4307 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b3c98ff9b7d7 Credits Dmitrii Ignatyev...