CVE-2022-2350
MEDIUMDisable User Login < 1.0.1 - Unauthenticated Missing Authorization
Title source: llmDescription
The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://wpscan.com/vulnerability/de28543b-c110-4a9f-bfe9-febccfba3a96
Scores
CVSS v3
5.3
EPSS
0.0041
EPSS Percentile
32.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-352
CWE-862
Status
published
Products (1)
brainvire/disable_user_login
< 1.0.1
Published
Oct 10, 2022
Tracked Since
Feb 18, 2026