WordPress WIP Custom Login Plugin by ThemeinProgress

WordPress WIP Custom Login Plugin by ThemeinProgress <= 1.2.6 - Subscriber+ Reset Settings

LANACOMMONVDB ID: 15934778-1045-4f3c-bcaf-1bbd32aceff3

The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check when reseting plugin settings, which could allow authenticated users to reset them.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/wip-custom-login/

CVE: CVE-2022-42884

Attributes

Catgory: WordPress Plugin

Discovered: 2022-09-01

Published: 2022-10-24

Affected Version: <= 1.2.6

Classification

Type: Cross-Site Request Forgery (CSRF), Missing Authorization

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).