3 matches found
CVE-2016-10883
The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users...
CVE-2025-1668 School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Arbitrary User Deletion
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpspDeleteUser function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access a...
CVE-2018-19829
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/listausuarios, resulting in the ability to delete an arbitrary user when the ID number is known...