CVE-2014-3850

Name of the Vulnerable Software and Affected Versions Member Approval plugin 131109 for WordPress

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to "wp-admin/options-general.php".

Recommendations For Member Approval plugin 131109, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the "wp-admin/options-general.php" endpoint to minimize the risk of exploitation.