Vulnerability Description
The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brainvire | Disable User Login | <= 1.0.1 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/de28543b-c110-4a9f-bfe9-febccfba3a96 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-2350?
CVE-2022-2350 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.
How severe is CVE-2022-2350?
CVE-2022-2350 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2350?
Check the references section above for vendor advisories and patch information. Affected products include: Brainvire Disable User Login.