patchstack | Muhammad Daffa (Patchstack Alliance) | PATCHSTACK:88003B068827A56C60C3DAB094DCDC5C
Aug 01, 2022 - 12:00 a.m.

WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability

2022-08-01 00:00:00
Muhammad Daffa (Patchstack Alliance)
patchstack.com

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Cross-Site Request Forgery (CSRF) vulnerability leading to API key change discovered by Muhammad Daffa (Patchstack Alliance) in WordPress MailerLite – Signup forms (official) plugin (versions <= 1.5.7).

Solution

Update the WordPress MailerLite – Signup forms plugin to the latest available version (at least 1.5.8).

CPE

Name: mailerlite – signup forms
Operator: le
Version: 1.5.7
