wpvulndb | Daniel Ruf | WPVDB-ID:68DEAB46-1C16-46AE-A912-A104958CA4CF
History: Jun 20, 2022 - 12:00 a.m.

WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF

2022-06-20 00:00:00
Daniel Ruf
wpscan.com
7
plugin
maintenance mode
coming soon
csrf
subscribed users
attack

EPSS

0.001

Percentile

26.3%

The plugin lacks a CSRF check when emptying the subscribed users list, which could allow attackers to make a logged-in admin perform that action via a CSRF attack.

PoC
