CVE-2022-0328
MEDIUM
Simple Membership < 4.0.9 - Cross-Site Request Forgery via Bulk Member Deletion
Title source: llm
Description
The Simple Membership WordPress plugin before 4.0.9 does not have a CSRF check when deleting members in bulk, which could allow attackers to make a logged-in admin delete them via a CSRF attack.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/44532b7c-4d0d-4959-ada4-733f377d6ec9
Release Notes, Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2662855
Scores
CVSS v3
4.7
EPSS
0.0046
EPSS Percentile
36.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Details
CWE
CWE-352
Status
published
Products (1)
simple-membership-plugin/simple_membership
< 4.0.9
Published
Feb 28, 2022
Tracked Since
Feb 18, 2026