WordPress Plugin Vulnerabilities

Inactive User Deleter < 1.60 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.

Affects Plugins

Plugin icon
inactive-user-deleter
Fixed in 1.60

References

CVE
CVE-2023-27424

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
984ffe19-efc4-459a-83f0-81c6d1ef9d9e

Timeline

Publicly Published
2023-07-17 (about 2 years ago)
Added
2023-07-17 (about 2 years ago)
Last Updated
2023-07-17 (about 2 years ago)

Other

Published
Title
Published
2025-12-26
Title
Heateor Social Login <= 1.1.39 - Cross-Site Request Forgery
Published
2025-09-05
Title
Database to Excel <= 1.0 - Cross-Site Request Forgery
Published
2021-06-21
Title
Remove Schema < 1.6 - Cross-Site Request Forgery
Published
2023-12-04
Title
WooDiscuz – WooCommerce Comments <= 2.3.0 - Cross-Site Request Forgery
Published
2021-06-30
Title
WP Prayer < 1.5.5 - Unauthorised AJAX call via CSRF