CVE-2023-4307 Information

Sep 16, 2023 cve

Description

The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack

Reference

https://wpscan.com/vulnerability/06f7aa45-b5d0-4afb-95cc-8f1c82f6f8b3

Share on: