Lucene search
K

5 matches found

Prion
Prion
added 2022/02/28 9:15 a.m.18 views

Cross site request forgery (csrf)

The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack...

4.3CVSS4.7AI score0.00464EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2022/02/28 9:6 a.m.36 views

CVE-2022-0328 Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF

The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack...

5AI score0.00464EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/01/25 12:0 a.m.16 views

Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF

The plugin does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=simplewpmembership=bulkdelete%5B0%5D=1%5B1%5D=2...

4.7CVSS3.6AI score0.00464EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/01/25 12:0 a.m.27 views

WordPress Simple Membership plugin <= 4.0.8 - Arbitrary Member Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Member Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Krzysztof Zając in WordPress Simple Membership plugin versions = 4.0.8. Solution Update the WordPress Simple Membership plugin to the latest available version at least 4.0.9...

4.7CVSS3.7AI score0.00464EPSS
Exploits2References3Affected Software1
Huntr
Huntr
added 2021/07/03 12:24 p.m.7 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager

✍️ Description The app/admin/pageDeleteMember.php?memberID= does not have a CSRF protection. This could be used by attackers to trick the admin to delete a member from their system. 🕵️‍♂️ Proof of Concept For this attack to work, a logged in admin, should visit the POC page...

2.6AI score
Exploits0References1
Rows per page
Query Builder