PT-2022-16032 · WordPress · Disable User Login
Rafshanzani Suhada · Published 2022-10-10 · Updated 2023-07-14 · CVE-2022-2350
| CVSS v3.1 | 5.3 (Medium) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Disable User Login WordPress plugin versions 1.0.0 through 1.0.1
Description
The Disable User Login WordPress plugin performs neither an authorization check nor a CSRF check when its settings are updated. As a result, unauthenticated attackers can block or unblock users at will.
Recommendations
For Disable User Login WordPress plugin versions 1.0.0 through 1.0.1, consider disabling the plugin until a patch is available to add the necessary authorization and CSRF checks. Restrict access to the plugin's settings to minimize the risk of exploitation.
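The following is an added illustration, not the plugin's own code: a hypothetical WordPress settings handler written in the vulnerable pattern the advisory describes, next to a hardened version that adds the missing capability and nonce checks. All names prefixed `dul_example_` are invented for this example; the WordPress APIs used (`admin_post` hooks, `current_user_can`, `check_admin_referer`, `wp_nonce_field`) are real.

```php
<?php
// Added example, not the Disable User Login plugin's code.
// Hypothetical handler for a settings form that stores a list of blocked user IDs.

// Vulnerable pattern: the handler is also registered on the admin_post_nopriv_
// hook, so logged-out visitors can reach it, and it checks neither the caller's
// capability nor a nonce. Any visitor can rewrite the list directly, and any
// third-party page can make a logged-in admin's browser submit it (CSRF).
function dul_example_save_settings_vulnerable() {
    $blocked = isset( $_POST['blocked_users'] ) ? (string) $_POST['blocked_users'] : '';
    update_option( 'dul_example_blocked_users', $blocked );
    wp_safe_redirect( admin_url( 'options-general.php?page=dul-example' ) );
    exit;
}
add_action( 'admin_post_dul_example_save',        'dul_example_save_settings_vulnerable' );
add_action( 'admin_post_nopriv_dul_example_save', 'dul_example_save_settings_vulnerable' );

// Hardened pattern: no nopriv hook (logged-in users only), the caller must hold
// manage_options, and the request must carry a valid nonce for this action.
function dul_example_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }
    // Dies with an error unless the nonce field below verifies; this defeats CSRF.
    check_admin_referer( 'dul_example_save_settings', 'dul_example_nonce' );

    $raw = isset( $_POST['blocked_users'] ) ? wp_unslash( $_POST['blocked_users'] ) : '';
    // Keep only positive integer user IDs from a comma-separated list.
    $ids = array_filter( array_map( 'absint', explode( ',', sanitize_text_field( $raw ) ) ) );
    update_option( 'dul_example_blocked_users', array_values( $ids ) );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=dul-example' ) ) );
    exit;
}
add_action( 'admin_post_dul_example_save_secure', 'dul_example_save_settings_hardened' );

// The settings form must emit the matching nonce field and post to admin-post.php.
function dul_example_render_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="dul_example_save_secure">';
    wp_nonce_field( 'dul_example_save_settings', 'dul_example_nonce' );
    echo '<input type="text" name="blocked_users" value="' . esc_attr( implode( ',', (array) get_option( 'dul_example_blocked_users', array() ) ) ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}
```

A request-level check against a site is simple: a settings update that succeeds without a logged-in session, or without the nonce field, indicates the vulnerable pattern is still in place.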
Missing Authorization
CSRF
Affected Products: Disable User Login