Lucene search
Daniel RufWPVDB-ID:68DEAB46-1C16-46AE-A912-A104958CA4CFHistoryJun 20, 2022 - 12:00 a.m.
WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF
2022-06-2000:00:00
Daniel Ruf
wpscan.com
6
0.001 Low
EPSS
Percentile
26.3%
The plugin is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack
PoC
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-maintenance-mode | lt | 2.4.5 |
Related
patchstack
patchstack
cnvd
cnvd
WordPress Maintenance Mode
2022-07-13 00:00:00
cvelist
cvelist
wpexploit
wpexploit
cve
cve
CVE-2022-1576
2022-07-11 13:15:08
openvas
openvas
WordPress Maintenance Mode Plugin < 2.4.5 CSRF Vulnerability
2022-07-12 00:00:00
nvd
nvd
CVE-2022-1576
2022-07-11 13:15:08
prion
prion
Cross site request forgery (csrf)
2022-07-11 13:15:00