AI Score
Confidence
High
EPSS
Percentile
24.1%
Description The plugin does not have CSRF check in its bulk action, which could allow attackers to make logged in admins enable and disable login for arbitrary users via a CSRF attack
patchstack.com/database/vulnerability/disable-user-login/wordpress-disable-user-login-plugin-1-3-7-cross-site-request-forgery-csrf-vulnerability