CVE-2022-0328

CVE-2022-0328: Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF

Vendor Unknown

Product Simple Membership

Weakness CWE-352 · CSRF

Published February 28, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack

Key dates

02Disclosure timeline

February 28, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0328 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2023-32739 WordPress WP Custom Cursors Plugin < 3.2 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2026-3331 Lobot Slider Administrator <= 0.6.0 - Cross-Site Request Forgery to Settings Update CVE-2016-20083 WordPress More Fields Plugin 2.1 Cross-Site Request Forgery CVE-2024-7065 Spina CMS cross-site request forgery CVE-2022-1960 MyCSS <= 1.1 - Arbitrary Settings Update via CSRF