The Lock User Account WordPress plugin up to and including 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow malicious users to make logged in admins lock and unlock arbitrary users via a CSRF attack
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
teknigar lock user account |