6.5
CVE-2022-4024
- EPSS 0.32%
- Veröffentlicht 19.12.2022 14:15:11
- Zuletzt bearbeitet 17.04.2025 15:15:53
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginPie Register <= 3.8.1.2 - Missing Authorization to Arbitrary User Deletion
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)
Mögliche Gegenmaßnahme
Pie Register – User Registration, Profiles & Content Restriction: Update to version 3.8.1.3, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Pie Register – User Registration, Profiles & Content Restriction
Version
*-3.8.1.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Genetechsolutions ≫ Pie Register SwPlatformwordpress Version < 3.8.1.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.546 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.