CVE-2021-24836

The CVE concerns the WordPress plugin Temporary Login Without Password (versions before 1.7.1). The vulnerability arises from missing authorization checks and CSRF protections when updating settings, allowing any logged-in user (e.g., subscribers) to modify settings. Impact is limited to settings...