VYPR
Low severity3.1NVD Advisory· Published Jan 16, 2023· Updated Jun 17, 2026

CVE-2022-4309

CVE-2022-4309

Description

The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.