ThreatPress

WordPress Vulnerabilities Database

WordPress Member Approval Plugin <= 131109 - CSRF

Product
Member Approval
Description
Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php.
Solution
Update the plugin.
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
CVE Mitre
CVE
Name: CVE-2014-3850
Versions
Affected In: <= 131109
Fixed In: 131110
Disclosure date
2014-05-23
Credits
Tom Adams