cbcvebase.
CVE-2022-4024
published 2022-12-19

CVE-2022-4024: The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing…

PriorityP431medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
EPSS
0.33%
25.2th percentile
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)

Affected

1 ranges
VendorProductVersion rangeFixed in
genetechsolutionspie_register< 3.8.1.33.8.1.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.