cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11197,https://securityvulnerability.io/vulnerability/CVE-2024-11197,Vulnerability in Lock User Account Plugin Allows Authenticated Attackers to Bypass Account Lock,"The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, to interact with the vulnerable site via an API such as XML-RPC or REST despite their account being locked.",Wordpress,Lock User Account,4.2,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-21T02:06:34.525Z,0
CVE-2023-4307,https://securityvulnerability.io/vulnerability/CVE-2023-4307,Lock User Account <= 1.0.3 - Arbitrary Account Lock/Unlock via CSRF,"The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack",Wordpress,Lock User Account,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-09-11T20:15:00.000Z,0