Vulnerabilities > CVE-2022-4309 - Unspecified vulnerability in Subscribe2 Project Subscribe2
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack.