- Lana Codes
- Common Vulnerabilities
WordPress WIP Custom Login Plugin by ThemeinProgress <= 1.2.6 - Subscriber+ Reset Settings
LANACOMMONVDB ID: 15934778-1045-4f3c-bcaf-1bbd32aceff3
The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check when reseting plugin settings, which could allow authenticated users to reset them.
You must be log in to view vulnerability details.
Or register a new account.