CVE-2022-1625: New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF
First published: Mon Jun 27 2022(Updated: )
The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpexperts New User Approve | <2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-1625?
CVE-2022-1625 is a vulnerability in the New User Approve WordPress plugin before version 2.4 that allows attackers to add invitation codes and change plugin settings.
How does CVE-2022-1625 impact WordPress websites?
CVE-2022-1625 can allow attackers to bypass restrictions by adding invitation codes and modify plugin settings.
What is the severity of CVE-2022-1625?
CVE-2022-1625 has a severity value of 4.3, which is classified as medium.
How can I fix CVE-2022-1625?
To fix CVE-2022-1625, update the New User Approve plugin to version 2.4 or higher.
Is there any additional information about CVE-2022-1625?
For more information about CVE-2022-1625, you can refer to the vulnerability report at https://wpscan.com/vulnerability/e1693318-900c-47f1-bb77-008b0d33327f.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/last-modified-date
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/wpexperts
- canonical/wpexperts new user approve