CVE-2022-4024

MEDIUM

Registration Forms WP <3.8.1.3 - CSRF

Title source: llm

Description

The Registration Forms WordPress plugin before 3.8.1.3 does not perform authorisation and CSRF checks when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts).

References (1)

Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/a087fb45-6f6c-40ac-b48b-2cbceda86cbe

Scores

CVSS v3 6.5
EPSS 0.0033
EPSS Percentile 25.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352 CWE-862
Status published
Products (1)
genetechsolutions/pie_register < 3.8.1.3
Published Dec 19, 2022
Tracked Since Feb 18, 2026