CVE-2022-2355

CVE-2022-2355: Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF

Vendor Unknown
Product Easy Username Updater
Weakness CWE-352 · CSRF
Published August 8, 2022
Last update August 27, 2025

CVSS base score

What the vulnerability does

01Description

The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin

Key dates

02Disclosure timeline

August 8, 2022 CVE published
August 27, 2025 Record updated

Related vulnerabilities

04Related CVE