4 matches found
CVE-2022-2355
The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin...
CVE-2022-2355
The CVE-2022-2355 entry affects the WordPress plugin Easy Username Updater (versions prior to 1.0.5). The root cause is lack of CSRF checks, which could allow a logged-in admin to arbitrarily change any user’s username (including the admin). Affected behavior and impact are described in multiple ...
PT-2022-16067 · WordPress · Easy Username Updater
Name of the Vulnerable Software and Affected Versions: Easy Username Updater WordPress plugin versions prior to 1.0.5 Description: The issue is related to the lack of CSRF checks in the Easy Username Updater WordPress plugin. This could allow attackers to make a logged-in admin change any user's...
Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF
The plugin does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin...