Lucene search
Krzysztof ZającWPEX-ID:44532B7C-4D0D-4959-ADA4-733F377D6EC9HistoryJan 25, 2022 - 12:00 a.m.
Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF
2022-01-2500:00:00
Krzysztof Zając
70
0.001 Low
EPSS
Percentile
30.2%
The plugin does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack
https://example.com/wp-admin/admin.php?page=simple_wp_membership&action=bulk_delete&members%5B0%5D=1&members%5B1%5D=2Related
wpvulndb
wpvulndb
Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF
2022-01-25 00:00:00
patchstack
patchstack
nvd
nvd
CVE-2022-0328
2022-02-28 09:15:08
cvelist
cvelist
CVE-2022-0328 Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF
2022-02-28 09:06:45
cnvd
cnvd
WordPress Simple Membership plugin跨站请求伪造漏洞
2022-03-02 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-02-28 09:15:00
cve
cve
CVE-2022-0328
2022-02-28 09:15:08