CVE-2022-1625

Published: Jun 27, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.

Affected (1)

Products: Wpexperts: New User Approve

1 product

New User Approve

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpexperts New User Approve	Before 2.4

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://wpscan.com/vulnerability/e1693318-900c-47f1-bb77-008b0d33327f

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/e1693318-900c-47f1-bb77-008b0d33327f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.