The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack
CPE | Name | Operator | Version |
---|---|---|---|
coming_soon_and_maintenance_mode | lt | 3.6.8 |