Email Subscribers & Newsletters < 4.5.1 - Cross-site Request Forgery in send_test_email()

2020-07-1800:00:00

wpscan.com

0.001 Low

EPSS

Percentile

42.1%

JSON

An attacker could exploit this issue by convincing a user to click a specially crafted URL, which will send emails from the affected user’s WordPress email account.

PoC

https://github.com/tenable/poc/blob/master/WordPress/plugins/Icegram/email_subscribers_and_newsletters/csrf_poc.html

CPENameOperatorVersion
email-subscriberslt4.5.1

CPE	Name	Operator	Version
	email-subscribers	lt	4.5.1

References

www.tenable.com/security/research/tra-2020-44-0

0.001 Low

EPSS

Percentile

42.1%

JSON

Related for WPVDB-ID:E6F3170B-9589-4405-AFCF-F2756B1F496F