WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Email Users plugin version 4.8.8 and prior versions are vulnerable to cross-site request forgery, which stems from a cross-site request forgery check not being performed when updating its settings. An attacker could exploit this vulnerability via a CSRF attack to allow logged-in administrators to change them and change the notification settings for any user.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress email users plugin | lt | 4.8.8 |