PT-2024-30502 · WordPress · Wp User Manager
Ananda Dhakal · Published 2024-08-26 · Updated 2024-08-30 · CVE-2024-43336
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WP User Manager versions through 2.9.10
Description
A Cross-Site Request Forgery (CSRF) issue affects the WP User Manager plugin. The issue allows an attacker to perform unintended actions on a user's account. Users are urged to check for updates and apply the necessary patches to mitigate the risk.
Recommendations
Update WP User Manager to a version later than 2.9.10 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the plugin to minimize the risk of exploitation.
Fix
CSRF
Affected Products
Wp User Manager