CVE-2022-4024

{"id": "CVE-2022-4024", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-12-19T14:15:11.760", "references": [{"url": "https://wpscan.com/vulnerability/a087fb45-6f6c-40ac-b48b-2cbceda86cbe", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)"}, {"lang": "es", "value": "El complemento de WordPress Registration Forms anterior a 3.8.1.3 no tiene autorizaci\u00f3n ni CSRF al eliminar usuarios a trav\u00e9s de un controlador de acci\u00f3n init, lo que permite a atacantes no autenticados eliminar usuarios arbitrarios (junto con sus publicaciones)."}], "lastModified": "2023-11-07T03:56:44.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "1E288D5D-C2AA-4309-9604-21B3612CB3DF", "versionEndExcluding": "3.8.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}