UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress, 64931f1b9e520690cdca9ff2ec0ef1210f84ae48

CVE, Research URL: 64931f1b9e520690cdca9ff2ec0ef1210f84ae48
Home page URL: Security reports for UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
Application: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
Published on: Nov 01, 2023
Research Description: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP [userswp] < 1.2.3.23 UsersWP <= 1.2.3.22 - Cross-Site Request Forgery The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.2.3.23 (exclusive). This is due to missing or incorrect nonce validation on the ajax_profile_image_remove function. This makes it possible for unauthenticated attackers to delete user images via a forged request granted they can trick a site user into performing an action such as clicking on a link.
Affected versions: max 1.2.3.23.
Status: vulnerable

UsersWP &#8211; Front-end login form, User Registration, User Profile &amp; Members Directory plugin for WordPress, 64931f1b9e520690cdca9ff2ec0ef1210f84ae48