Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2014/Jun/63 - Exploit | |
References | () https://security.dxw.com/advisories/csrf-in-member-approval-131109-permits-unapproved-registrations - Exploit |
Information
Published : 2014-06-11 14:55
Updated : 2024-11-21 02:08
NVD link : CVE-2014-3850
Mitre link : CVE-2014-3850
CVE.ORG link : CVE-2014-3850
JSON object : View
Products Affected
member_approval_plugin_project
- member_approval
CWE
CWE-352
Cross-Site Request Forgery (CSRF)