5 matches found
Cross site request forgery (csrf)
The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack...
CVE-2022-0328 Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF
The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack...
Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF
The plugin does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=simplewpmembership=bulkdelete%5B0%5D=1%5B1%5D=2...
WordPress Simple Membership plugin <= 4.0.8 - Arbitrary Member Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Member Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Krzysztof Zając in WordPress Simple Membership plugin versions = 4.0.8. Solution Update the WordPress Simple Membership plugin to the latest available version at least 4.0.9...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
✍️ Description The app/admin/pageDeleteMember.php?memberID= does not have a CSRF protection. This could be used by attackers to trick the admin to delete a member from their system. 🕵️♂️ Proof of Concept For this attack to work, a logged in admin, should visit the POC page...