exploitDog

CVE-2022-2350

Опубликовано: 10 окт. 2022

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.

Ссылки

https://wpscan.com/vulnerability/de28543b-c110-4a9f-bfe9-febccfba3a96
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/de28543b-c110-4a9f-bfe9-febccfba3a96
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:brainvire:disable_user_login:*:*:*:*:*:wordpress:*:*

Версия до 1.0.1 (включая)

EPSS

Процентиль: 33%

0.00128

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-7x9j-ghjr-74hq

CVSS3: 5.3

github

больше 3 лет назад

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.

EPSS

Процентиль: 33%

0.00128

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-352

CWE-352