CVE-2022-0681

CVE-2022-0681: Simple Membership < 4.1.0 - Arbitrary Transaction Deletion via CSRF

Vendor Unknown

Product Simple Membership

Weakness CWE-352 · CSRF

Published March 21, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack

Key dates

02Disclosure timeline

March 21, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0681 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2023-40212 WordPress WooCommerce Product Attachment Plugin <= 2.1.8 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-5888 jsnjfz WebStack-Guns cross-site request forgery CVE-2023-25463 WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2023-0685 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders CVE-2023-25051 WordPress Comment Reply Notification Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)