Disable User Login < 1.3.9 – User Login Toggle via CSRF | CVE 2023-47806

Affects Plugins

Fixed in 1.3.9

References

CVE

CVE-2023-47806

URL

https://patchstack.com/database/vulnerability/disable-user-login/wordpress-disable-user-login-plugin-1-3-7-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

qilin_99

Verified

Yes

WPVDB ID

4df287b3-c816-472d-ba7f-0e05418c9bd2

Timeline

Publicly Published

2023-11-15 (about 2 years ago)

Added

2023-12-23 (about 2 years ago)

Last Updated

2024-01-16 (about 2 years ago)

Other

Published

Title

Published

2025-01-07

Title

JK Html To Pdf <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-12-27

Title

Easy PayPal Buy Now Button < 1.8.2 - Cross-Site Request Forgery

Published

2025-12-08

Title

Advanced Product Fields (Product Addons) for WooCommerce < 1.6.18 - Cross-Site Request Forgery to Product Field Group Duplication and Publication

Published

2025-01-16

Title

WP SpaceContent <= 0.4.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2022-10-10

Title

SeoSamba for WordPress Webmasters < 1.0.6 - Access Key Update via CSRF