{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-4024","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","requesterUserId":"dc9e157c-ddf1-4983-adaf-9f01d16b5e04","dateReserved":"2022-11-16T15:45:06.978Z","datePublished":"2022-12-19T13:41:40.069Z","dateUpdated":"2025-04-17T14:15:50.693Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2022-12-19T13:41:40.069Z"},"title":"Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion","problemTypes":[{"descriptions":[{"description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]},{"descriptions":[{"description":"CWE-352 Cross-Site Request Forgery (CSRF)","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Registration Forms","collectionURL":"https://wordpress.org/plugins","versions":[{"status":"affected","versionType":"custom","version":"0","lessThan":"3.8.1.3"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)"}],"references":[{"url":"https://wpscan.com/vulnerability/a087fb45-6f6c-40ac-b48b-2cbceda86cbe","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"cydave","type":"finder"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:27:54.143Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/a087fb45-6f6c-40ac-b48b-2cbceda86cbe","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-17T14:15:20.236608Z","id":"CVE-2022-4024","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-17T14:15:50.693Z"}}]}}