exploitDog

GHSA-7x9j-ghjr-74hq

Опубликовано: 11 окт. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.

Ссылки

EPSS

Процентиль: 33%

0.00128

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2022-2350

CVSS3: 5.3

nvd

больше 3 лет назад

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.

EPSS

Процентиль: 33%

0.00128

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352