CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50902 – WordPress New User Approve Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-50902
Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve.This issue affects New User Approve: from n/a through 2.5.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WPExpertsio New User Approve. Este problema afecta a New User Approve: desde n/a hasta 2.5.1. The New User Approve plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the admin_notices function. • https://patchstack.com/database/vulnerability/new-user-approve/wordpress-new-user-approve-plugin-2-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1625 – New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF
https://notcve.org/view.php?id=CVE-2022-1625
The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites. El plugin New User Approve de WordPress versiones anteriores a 2.4, no presenta una comprobación de tipo CSRF cuando actualiza sus ajustes y añade códigos de invitación, lo que podría permitir a atacantes añadir códigos de invitación (para omitir las restricciones establecidas) y cambiar los ajustes del plugin al engañar a usuarios administradores para que visiten sitios web especialmente diseñados The New User Approve WordPress plugin before 2.4.1 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites. • https://wpscan.com/vulnerability/e1693318-900c-47f1-bb77-008b0d33327f • CWE-352: Cross-Site Request Forgery (CSRF) •