WordPress Plugin Vulnerabilities

Creative Mail < 1.6.0 - Settings Reset via CSRF

Description

The plugin does not have CSRF check when resetting its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
creative-mail-by-constant-contact
Fixed in 1.6.0

References

CVE
CVE-2022-40687

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
1fcc8f1b-901b-4651-add2-2c73967abdba

Timeline

Publicly Published
2022-10-28 (about 3 years ago)
Added
2022-11-20 (about 3 years ago)
Last Updated
2022-11-20 (about 3 years ago)

Other

Published
Title
Published
2025-09-05
Title
Compact Admin <= 1.3.0 - Cross-Site Request Forgery
Published
2024-04-11
Title
WP Matterport Shortcode < 2.2.0 - Cross-Site Request Forgery
Published
2023-08-16
Title
Video Gallery & Management < 3.3.6 - Settings Update via CSRF
Published
2024-09-10
Title
Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking < 1.3.15 - Subscriber+ PayPal Settings Update
Published
2024-04-11
Title
Button Generator < 3.0 - Button Deletion via CSRF