Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitWpvulndbWPEX-ID:5C8AE097-029C-4DD7-B33F-CA8C2FD0F526
HistoryMay 30, 2023 - 12:00 a.m.

Feather Login Page < 1.1.2 - Missing Authorization to Non-Arbitrary User Deletion

2023-05-3000:00:00
wpvulndb
76
feather
login page
authorization
user deletion
exploit
security issue

EPSS

0.001

Percentile

40.4%

JSON

The plugin does not check authorization when processing the ftlpp-ext-expirable-delete-user ajax action, which could allow users with roles as low as subscriber to delete temporary users generated by the plugin, furthermore it does not protect the action against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to perform the deletion on their behalf.

GET /wp-admin/admin-ajax.php?action=ftlpp-ext-expirable-delete-user&id=7 HTTP/1.1
Cookie: [Subscriber+]

Related

prion 1
wpvulndb 1
cvelist 1
nvd 1
cve 1
wordfence 1
prion
prion
Design/Logic Flaw
2023-05-31 03:15:00
wpvulndb
wpvulndb
Feather Login Page < 1.1.2 - Missing Authorization to Non-Arbitrary User Deletion
2023-05-30 00:00:00
cvelist
cvelist
CVE-2023-2547
2023-05-31 02:40:20
nvd
nvd
CVE-2023-2547
2023-05-31 03:15:09
cve
cve
CVE-2023-2547
2023-05-31 03:15:09
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 29, 2023 to June 4, 2023)
2023-06-08 13:39:51

EPSS

0.001

Percentile

40.4%

JSON
Related for WPEX-ID:5C8AE097-029C-4DD7-B33F-CA8C2FD0F526
prion1wpvulndb1cvelist1nvd1cve1wordfence1