Vulnerabilities > CVE-2022-4266 - Unspecified vulnerability in Speakdigital Bulk Delete Users BY Email 1.2

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
speakdigital
NVD
Published: 2022-12-26
Updated: 2023-11-07

Summary

The Bulk Delete Users by Email WordPress plugin through 1.2 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete non admin users by knowing their email via a CSRF attack

Vulnerable Configurations

Part Description Count
Application
Speakdigital
2

References