Question 1

What is CVE-2022-4024 — CVE-2022-4024?

Accepted Answer

The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)

Question 2

What is the authoritative source for CVE-2022-4024?

Accepted Answer

CVE-2022-4024 (CVE-2022-4024) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	6.5 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS	0.33% probability of exploitation · percentile 25.1% · 2026-06-19T12:03:05Z
Last modified	2026-06-17

CVE-2022-4024CVE-2022-4024

Description

Scoring