CVE-2022-2350

MEDIUM

Disable User Login < 1.0.1 - Unauthenticated Missing Authorization


Description

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.

Scores

CVSS v3 5.3
EPSS 0.0041
EPSS Percentile 32.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE CWE-352, CWE-862
Status published
Products (1)
brainvire/disable_user_login < 1.0.1
Published Oct 10, 2022
Tracked Since Feb 18, 2026