CVE-2022-4024
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Registration Forms | 0 < 3.8.1.3 | affected |
Weaknesses
- CWE-862 Missing Authorization
- CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.