Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability by brainvire

CVE-2022-2350 (GCVE-0-2022-2350)

Vulnerability from cvelistv5 – Published: 2022-10-10 00:00 – Updated: 2024-08-03 00:32
VLAI
Title
Disable User Login <= 1.0.1 - Unauthenticated Settings Update
Summary
The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.
Severity
No CVSS data available.
CWE
  • CWE-862 - Missing Authorization
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
Vendor Product Version
Unknown Disable User Login Affected: 1.0.1 , ≤ 1.0.1 (custom)
Create a notification for this product.
Credits
Rafshanzani Suhada
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:09.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/de28543b-c110-4a9f-bfe9-febccfba3a96"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Disable User Login",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThanOrEqual": "1.0.1",
              "status": "affected",
              "version": "1.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Rafshanzani Suhada"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-10T00:00:00.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "url": "https://wpscan.com/vulnerability/de28543b-c110-4a9f-bfe9-febccfba3a96"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Disable User Login \u003c= 1.0.1 - Unauthenticated Settings Update",
      "x_generator": "WPScan CVE Generator"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-2350",
    "datePublished": "2022-10-10T00:00:00.000Z",
    "dateReserved": "2022-07-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:32:09.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}