CVE-2014-3850

Published: Jun 11, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php.

Affected (1)

Products: Member Approval Plugin Project: Member Approval

Member Approval Plugin Project

1 product

Member Approval

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Member Approval Plugin Project Member Approval	Version 131109

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://seclists.org/fulldisclosure/2014/Jun/63

Source: cve@mitre.org

Exploit

https://security.dxw.com/advisories/csrf-in-member-approval-131109-permits-unapproved-registrations

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2014/Jun/63

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://security.dxw.com/advisories/csrf-in-member-approval-131109-permits-unapproved-registrations

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.