Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:5C8AE097-029C-4DD7-B33F-CA8C2FD0F526
HistoryMay 30, 2023 - 12:00 a.m.

Feather Login Page < 1.1.2 - Missing Authorization to Non-Arbitrary User Deletion

2023-05-3000:00:00
wpscan.com
5
missing authorization
non-arbitrary user deletion
csrf
ajax
vulnerability
wordpress

0.001 Low

EPSS

Percentile

40.5%

JSON

The plugin does not check authorization when processing the ftlpp-ext-expirable-delete-user ajax action, which could allow users with roles as low as subscriber to delete temporary users generated by the plugin, furthermore it does not protect the action against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to perform the deletion on their behalf.

PoC

GET /wp-admin/admin-ajax.php?action=ftlpp-ext-expirable-delete-user&id;=7 HTTP/1.1 Cookie: [Subscriber+]

CPENameOperatorVersion
feather-login-pagelt1.1.2

Related

prion 1
cve 1
nvd 1
cvelist 1
wpexploit 1
wordfence 1
prion
prion
Design/Logic Flaw
2023-05-31 03:15:00
cve
cve
CVE-2023-2547
2023-05-31 03:15:09
nvd
nvd
CVE-2023-2547
2023-05-31 03:15:09
cvelist
cvelist
CVE-2023-2547
2023-05-31 02:40:20
wpexploit
wpexploit
Feather Login Page < 1.1.2 - Missing Authorization to Non-Arbitrary User Deletion
2023-05-30 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 29, 2023 to June 4, 2023)
2023-06-08 13:39:51

0.001 Low

EPSS

Percentile

40.5%

JSON
Related for WPVDB-ID:5C8AE097-029C-4DD7-B33F-CA8C2FD0F526
prion1cve1nvd1cvelist1wpexploit1wordfence1