The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-10-10T00:00:00

Updated: 2024-08-03T00:32:09.701Z

Reserved: 2022-07-08T00:00:00

Link: CVE-2022-2350

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-10-10T21:15:10.550

Modified: 2024-11-21T07:00:49.233

Link: CVE-2022-2350

cve-icon Redhat

No data.