What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in the New User Approve plugin (new-user-approve) by Saad Iqbal. This issue affects New User Approve versions up to and including 3.2.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Explanation of Vulnerability in Simple Terms
New User Approve versions 3.2.3 and earlier contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious webpage that, when visited by a site administrator, performs unwanted actions on the site without the admin's knowledge. The vulnerability requires the admin to click a link or visit a page controlled by the attacker. This can lead to unauthorized changes or denial of service.
What an attacker can do
Trick a site admin into performing unwanted actions (like approving users or changing settings) by visiting a malicious webpage.
Potential impact on your site
Admins could unknowingly approve malicious user accounts, modify plugin settings, or trigger actions that disrupt site availability.
Conditions required to exploit
Site admin must visit a webpage controlled by the attacker; no special privileges or authentication bypass needed.
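How a WordPress admin action is normally protected against this class of bug, as an added example that is not code from New User Approve (the page does not identify the affected handler). The action name, meta key and function names are hypothetical; the WordPress functions called are the standard nonce and capability APIs.

```php
<?php
// Illustrative plugin code; action, meta key and function names are hypothetical.

// Link rendered in the admin user list. wp_nonce_url() appends a token tied to
// the logged-in admin's session and to this exact action and user ID.
function example_approve_link( int $user_id ): string {
    $url = add_query_arg(
        array( 'action' => 'example_approve_user', 'user' => $user_id ),
        admin_url( 'admin-post.php' )
    );
    return wp_nonce_url( $url, 'example_approve_user_' . $user_id );
}

// BEFORE: only the capability is checked. The admin's browser sends the session
// cookie with any request, so the handler cannot tell an intended click from
// a request triggered by a third-party page.
function example_approve_user_unsafe(): void {
    if ( ! current_user_can( 'edit_users' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    update_user_meta( absint( $_GET['user'] ?? 0 ), 'example_status', 'approved' );
}

// AFTER: the request must also carry the nonce issued by example_approve_link().
function example_approve_user_safe(): void {
    $user_id = absint( $_GET['user'] ?? 0 );
    if ( ! current_user_can( 'edit_users' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Dies with a 403 "link expired" page if _wpnonce is missing or invalid.
    check_admin_referer( 'example_approve_user_' . $user_id );
    if ( ! get_userdata( $user_id ) ) {
        wp_die( 'Unknown user', '', array( 'response' => 404 ) );
    }
    update_user_meta( $user_id, 'example_status', 'approved' );
    wp_safe_redirect( admin_url( 'users.php' ) );
    exit;
}
add_action( 'admin_post_example_approve_user', 'example_approve_user_safe' );
```

Binding the nonce action string to the user ID means a token issued for one account cannot be replayed to approve another.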