WordPress Plugin Vulnerabilities

Email Tracker < 5.2.7 - Arbitrary Email Entry Deletion via CSRF

Description

The plugin does not have CSRF check when deleting email entries, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack

Affects Plugins

Plugin icon
email-tracker
Fixed in 5.2.7

References

CVE
CVE-2021-44777

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ex.Mi
Verified
No
WPVDB ID
380ab359-1c0d-4877-b599-50f58e797e8f

Timeline

Publicly Published
2021-11-01 (about 4 years ago)
Added
2022-01-20 (about 4 years ago)
Last Updated
2022-04-12 (about 4 years ago)

Other

Published
Title
Published
2025-03-24
Title
Fix Rss Feeds <= 3.1 - Cross-Site Request Forgery
Published
2025-09-26
Title
Ninja Forms < 3.12.1 - Statistics Collection Opt In via CSRF
Published
2025-09-22
Title
WPMK PDF Generator <= 1.0.1 - Cross-Site Request Forgery
Published
2024-04-26
Title
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation < 2.16.0 - Cross-Site Request Forgery to Notice Dismissal
Published
2024-02-07
Title
ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in optimizeAllOn