
6 matches found

Vulnrichment
added 2024/01/16 3:55 p.m., 5 views

CVE-2023-3178 POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack...

AI score: 4.6, EPSS: 0.00232
Exploits: 2, References: 1
Cvelist
added 2024/01/16 3:55 p.m., 30 views

CVE-2023-3178 POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack...

AI score: 4.9, EPSS: 0.00232
Exploits: 2, References: 1
wpexploit
added 2023/11/28 12:0 a.m., 165 views

WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints

Description: The plugin does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. The following actions may be taken by a Contributor user: --- /wmllogs - Information leak Execute the followi...

CVSS: 7.6, AI score: 7.5, EPSS: 0.00499
Exploits: 2
WPVulnDB
added 2023/06/26 12:0 a.m., 16 views

POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF

The plugin does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack. Note: The AJAX actions are also affected by SQL injections, making the issue PoC Make a logged in...

AI score: 7, EPSS: 0.00232
Exploits: 2, Affected Software: 1
WPVulnDB
added 2023/04/03 12:0 a.m., 36 views

WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF

The plugin has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders PoC Ma...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00307
Exploits: 2, Affected Software: 1
NVD
added 2021/08/12 10:15 p.m., 16 views

CVE-2020-20989

A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs...

CVSS: 4.3, EPSS: 0.00483
Exploits: 1, References: 1