Lucene search
WPScanCVE-2022-4266HistoryDec 26, 2022 - 1:15 p.m.
CVE-2022-4266
2022-12-2613:15:14
WPScan
web.nvd.nist.gov
33
cve-2022-4266
wordpress
plugin
csrf
admin
user deletion
security vulnerability
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
34.2%
The Bulk Delete Users by Email WordPress plugin through 1.2 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete non admin users by knowing their email via a CSRF attack
Affected configurations
Node
speakdigitalbulk_delete_users_by_emailRange≤1.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| speakdigital | bulk_delete_users_by_email | * | cpe:2.3:a:speakdigital:bulk_delete_users_by_email:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Bulk Delete Users by Email",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "1.2"
}
],
"defaultStatus": "affected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
nvd
nvd
CVE-2022-4266
2022-12-26 13:15:14
prion
prion
Cross site request forgery (csrf)
2022-12-26 13:15:00
cvelist
cvelist
CVE-2022-4266 Bulk Delete Users by Email <= 1.2 - User Deletion via CSRF
2022-12-26 12:28:14
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
34.2%
Related for CVE-2022-4266