{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4024", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "requesterUserId": "dc9e157c-ddf1-4983-adaf-9f01d16b5e04", "dateReserved": "2022-11-16T15:45:06.978Z", "datePublished": "2022-12-19T13:41:40.069Z", "dateUpdated": "2024-08-03T01:27:54.143Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2022-12-19T13:41:40.069Z"}, "title": "Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion", "problemTypes": [{"descriptions": [{"description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Registration Forms", "collectionURL": "https://wordpress.org/plugins", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "3.8.1.3"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)"}], "references": [{"url": "https://wpscan.com/vulnerability/a087fb45-6f6c-40ac-b48b-2cbceda86cbe", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "cydave", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.143Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/a087fb45-6f6c-40ac-b48b-2cbceda86cbe", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1E288D5D-C2AA-4309-9604-21B3612CB3DF", "versionEndExcluding": "3.8.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)"}, {"lang": "es", "value": "El complemento de WordPress Registration Forms anterior a 3.8.1.3 no tiene autorizaci\u00f3n ni CSRF al eliminar usuarios a trav\u00e9s de un controlador de acci\u00f3n init, lo que permite a atacantes no autenticados eliminar usuarios arbitrarios (junto con sus publicaciones)."}], "id": "CVE-2022-4024", "lastModified": "2024-11-21T07:34:28.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-19T14:15:11.760", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/a087fb45-6f6c-40ac-b48b-2cbceda86cbe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/a087fb45-6f6c-40ac-b48b-2cbceda86cbe"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}