CVE-2022-2350
The CVE-2022-2350 entry concerns the WordPress plugin Disable User Login (versions up to 1.0.1). The root cause is missing authorization checks and CSRF protection when updating plugin settings, enabling unauthenticated attackers to block or unblock users. Public technical details describe the af...