cvedb.io
CVE-2022-4024
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2022-12-19T14:15:11.760 · Last modified 2026-06-17T05:19:47.213

Summary

The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)

Affected products

genetechsolutions — pie_register

Does this affect you?

Add your gear to cvedb and we'll alert you only when genetechsolutions ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.