2 matches found
CVE-2022-1612
The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1612
CVE-2022-1612 : The Webriti SMTP Mail WordPress plugin (version ≤ 1.0) lacks CSRF protection when updating settings, enabling a logged-in admin or attacker with user access to alter configuration via a CSRF attack. Impact is stated as possible arbitrary settings changes; exploits are demonstrated...