2 matches found
CVE-2022-1630
The WP-EMail WordPress plugin before 2.69.0 is vulnerable to CSRF in log deletion due to missing nonce checks. This allows a logged-in attacker to trick an admin into deleting logs via CSRF. A PoC exists in the WP-Email exploit documentation showing an automatic form submission. Remediation: upgr...
CVE-2022-1630 WP-Email < 2.69.0 - Log Deletion via CSRF
The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack...