
exploitDog

GHSA-4hmp-c47h-m87p

Published: 22 Feb 2022
Source: github
Github: Not reviewed

Description

The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have a CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make a logged-in admin send arbitrary emails to all subscribed users via a CSRF attack.

EPSS

Percentile: 29%
0.00103
Low

Weaknesses

CWE-352

Related vulnerabilities

CVSS3: 4.3
nvd
almost 4 years ago

The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have a CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make a logged-in admin send arbitrary emails to all subscribed users via a CSRF attack.

EPSS

Percentile: 29%
0.00103
Low

Weaknesses

CWE-352