CVE-2022-2350

Disable User Login <= 1.0.1 - Unauthenticated Settings Update

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.

Affected products

Unknown · Disable User Login

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/de28543b-c110-4a9f-bfe9-febccfba3a96