4.3
CVE-2023-4307
- EPSS 0.22%
- Veröffentlicht 11.09.2023 20:15:12
- Zuletzt bearbeitet 23.04.2025 17:16:43
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginLock User Account <= 1.0.3 - Arbitrary Account Lock/Unlock via CSRF
Lock User Account <= 1.0.3 - Cross-Site Request Forgery to Account Lock/Unlock
The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack
Mögliche Gegenmaßnahme
Lock User Account: Update to version 1.0.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Teknigar ≫ Lock User Account SwPlatformwordpress Version <= 1.0.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Lock User Account
Version
*-1.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.12 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
https://wpscan.com/vulnerability/06f7aa45-b5d0-4afb-95cc-8f1c82f6f8b3
https://www.wordfence.com/threat-intel/vulnerabilities/id/d06f265c-c1c1-4316-9526-3392f6ee31da