CSRF Vulnerability in Lock User Account WordPress Plugin

CSRF Vulnerability in Lock User Account WordPress Plugin

CVE-2023-4307 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack

Learn more about our Wordpress Pen Testing.