Published on: Not Yet Published
Last Modified on: 01/24/2023 07:32:00 PM UTC
CVE-2022-4309Source: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Subscribe2 from Subscribe2 Project contain the following vulnerability:
The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack.
- CVE-2022-4309 has been assigned by [email protected] to track the vulnerability - currently rated as LOW severity.
- Affected Vendor/Software: Unknown - Subscribe2 version = 0
CVSS3 Score: 3.1 - LOW
|Subscribe2 < 10.38 - User Deletion via CSRF WordPress Security Vulnerability|| web.archive.org |
Inactive LinkNot Archived
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
No vendor comments have been submitted for this CVE