PT-2022-25302 · WordPress · Registration Forms
Cydave · Published 2022-12-19 · Updated 2023-06-27
CVE-2022-4024
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Registration Forms WordPress plugin versions prior to 3.8.1.3
Description
The issue allows unauthenticated attackers to delete arbitrary users, along with their posts, due to a lack of authorisation and CSRF protection when deleting users via an init action handler.
Recommendations
For versions prior to 3.8.1.3, update to version 3.8.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the init action handler to minimize the risk of exploitation.
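As an added illustration of the fixed pattern (this is not the plugin's own code; the hook callback name, the request parameter names and the nonce action are assumptions), a user-deletion handler hooked on `init` with the authorization and CSRF checks whose absence the advisory describes:

```php
<?php
// Added example, not code from the Registration Forms plugin. The action
// parameter, nonce field and nonce action names below are assumptions.
//
// 'init' fires on every request, including anonymous front-end hits, so a
// handler that deletes users from this hook must itself enforce both an
// authorization check and a nonce check.
add_action( 'init', 'example_rf_handle_delete_user' );

function example_rf_handle_delete_user() {
    // Only react to this handler's own action parameter (assumed name).
    if ( ! isset( $_POST['example_rf_action'] ) || 'delete_user' !== $_POST['example_rf_action'] ) {
        return;
    }

    // Authorization: the caller must be logged in and allowed to delete users.
    // CVE-2022-4024 describes this check as missing, so anonymous requests
    // reached the deletion below.
    if ( ! is_user_logged_in() || ! current_user_can( 'delete_users' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }

    // CSRF protection: the nonce must have been issued to this user for this
    // action, e.g. via wp_nonce_field( 'example_rf_delete_user', 'example_rf_nonce' )
    // in the form that submits here.
    $nonce = isset( $_POST['example_rf_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['example_rf_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_rf_delete_user' ) ) {
        wp_die( 'Invalid request token.', 'Forbidden', array( 'response' => 403 ) );
    }

    $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;

    // Validate the target: it must exist and must not be the acting user.
    if ( 0 === $user_id || get_current_user_id() === $user_id || ! get_userdata( $user_id ) ) {
        wp_die( 'Invalid user.', 'Bad Request', array( 'response' => 400 ) );
    }

    // wp_delete_user() lives in the admin includes, so load it explicitly on
    // front-end requests. Without a reassignment user id it also removes the
    // account's posts, which is the impact the advisory describes.
    require_once ABSPATH . 'wp-admin/includes/user.php';
    wp_delete_user( $user_id );
}
```

A minimal detection signal for the unfixed version is any successful `wp_delete_user()` call originating from a request with no authenticated session, which access logs alone will not show; logging inside the handler, or a WordPress activity-log plugin, is needed to see it.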
Missing Authorization
CSRF
Affected Products
Registration Forms