China National Vulnerability Database (cnvd): CNVD-2022-66589
History: Mar 02, 2022 - 12:00 a.m.

WordPress Emails and Alerts plugin cross-site request forgery vulnerability

www.cnvd.org.cn
Tags: wordpress, emails, alerts, plugin, cross-site request forgery, vulnerability, php, csrf, version 1.8.7

EPSS: 0.001
Percentile: 21.2%

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site request forgery vulnerability exists in versions of the WordPress Emails and Alerts plugin prior to 1.8.7. The vulnerability stems from the plugin's failure to perform authorization and CSRF checks on its bnfw AJAX action for searching users. Any authenticated attacker could invoke the action and query a user's email prefix (find the first letter, then the second, then the third, etc.).
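A user-search AJAX handler with the two checks the description says were missing, as an added example that is not the plugin's own code or its actual fix. The action name `example_search_users`, the nonce action string, the `query` and `nonce` request fields and the choice of the `list_users` capability are assumptions.

```php
<?php
// Added example: hypothetical user-search AJAX handler, not the plugin's code.
// Action name, nonce action, request fields and capability are assumptions.

const EXAMPLE_NONCE_ACTION = 'example_search_users_nonce';

// wp_ajax_{action} fires for every logged-in user, so registering the
// handler here is not an authorization check on its own.
add_action( 'wp_ajax_example_search_users', 'example_search_users' );

function example_search_users() {
    // CSRF check: the admin page must embed wp_create_nonce( EXAMPLE_NONCE_ACTION )
    // and send it back in the 'nonce' field. With the third argument false the
    // function returns false instead of dying, so we can answer with JSON.
    if ( ! check_ajax_referer( EXAMPLE_NONCE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // Authorization check: only users allowed to list users may search them.
    if ( ! current_user_can( 'list_users' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $term = isset( $_GET['query'] )
        ? sanitize_text_field( wp_unslash( $_GET['query'] ) )
        : '';
    if ( '' === $term ) {
        wp_send_json_success( array() );
    }

    // Search login and display name only; user_email is deliberately left out
    // of search_columns so the endpoint cannot be used to probe addresses.
    $users = get_users( array(
        'search'         => '*' . $term . '*',
        'search_columns' => array( 'user_login', 'display_name' ),
        'number'         => 20,
        'fields'         => array( 'ID', 'display_name' ),
    ) );

    // Return only what the UI needs; no email addresses in the response.
    $results = array();
    foreach ( $users as $user ) {
        $results[] = array( 'id' => (int) $user->ID, 'text' => $user->display_name );
    }
    wp_send_json_success( $results );
}
```

Each `wp_send_json_*` call ends the request, so a failed nonce or capability check never reaches the query.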
