WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. cross-site request forgery vulnerability exists in versions of the WordPress Mail Subscribe List plugin prior to 2.1.4, which stems from the plugin’s failure to perform CSRF checks when deleting subscribers. An attacker could exploit this vulnerability to allow a logged-in administrator to remove any user from the subscription list.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress mail subscribe list plugin | lt | 2.1.4 |