Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2022-4309

Description

The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack.

POC

Reference

- https://wpscan.com/vulnerability/1965f53d-c94e-4322-9059-49de69df1051

Github

- https://github.com/20142995/nuclei-templates