CVE-2022-4266

Name of the Vulnerable Software and Affected Versions Bulk Delete Users by Email WordPress plugin versions 1.2 and earlier

Description The issue concerns a lack of CSRF check when deleting users, which could allow attackers to make a logged-in admin delete non-admin users by knowing their email via a CSRF attack.

Recommendations For Bulk Delete Users by Email WordPress plugin versions 1.2 and earlier, consider disabling the user deletion functionality until a patch is available to mitigate the risk of exploitation. Restrict access to the user management module to minimize the risk of unauthorized user deletion. Avoid using the email-based user deletion feature in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.