
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 2
Critical: 0
High: 0
Medium: 2
Showing 1-2 of 2 records
Threat Entry Updated 2024-11-21

CVE-2024-11197 - Lock User Account Plugin

The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, to interact with the vulnerable site via an API such as XML-RPC or REST despite their account being locked.

PLUGIN Lock User Account

CVE-2024-11197

MEDIUM CVSS 4.2 2024-11-21
Threat Entry Updated 2025-04-23

CVE-2023-4307 - Lock User Account Plugin

The Lock User Account WordPress plugin through 1.0.3 does not have a CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged-in admins lock and unlock arbitrary users via a CSRF attack.

PLUGIN Lock User Account

CVE-2023-4307

MEDIUM CVSS 4.3 2023-09-11