CVE-2014-3850
Member Approval 131109 - Cross-Site Request Forgery via wp-admin/options-general.php
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php.
References (2)
Core 2
Core References
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jun/63
Exploit x_refsource_misc
https://security.dxw.com/advisories/csrf-in-member-approval-131109-permits-unapproved-registrations
Scores
EPSS
0.0102
EPSS Percentile
59.4%
Details
CWE
CWE-352
Status
published
Products (1)
member_approval_plugin_project/member_approval
131109
Published
Jun 11, 2014
Tracked Since
Feb 18, 2026