CVE-2023-27424 – WordPress Inactive User Deleter Plugin <= 1.59 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2023-27424

24 Apr 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions. The Inactive User Deleter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.59. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to modify plugin settings, delete, activate, inactivate, and export users, and create multiple arbitrary users with default privilege... • https://patchstack.com/database/vulnerability/inactive-user-deleter/wordpress-inactive-user-deleter-plugin-1-58-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •