WordPress Plugin Vulnerabilities

Official MailerLite Sign Up Forms < 1.4.5 - Multiple CSRF Issues

Description

Despite fixing the SQL injection, the plugin was still affected by CSRF issues, which could allow an attacker to make a logged in administrator edit, add, and delete arbitrary signup form views.

Affects Plugins

Plugin icon
official-mailerlite-sign-up-forms
Fixed in 1.4.5

References

URL
https://www.webarxsecurity.com/sql-injection-csrf-vulnerabilities-in-mailerlite-sign-up-forms-plugin/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Dave
Verified
No
WPVDB ID
40aefd95-4117-4a64-973c-dcec8989ecf4

Timeline

Publicly Published
2020-05-25 (about 5 years ago)
Added
2020-05-25 (about 5 years ago)
Last Updated
2020-05-30 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Specialist by Templatic - CSRF File Upload
Published
2024-10-31
Title
BTEV <= 2.0.2 - Settings Update via CSRF
Published
2025-01-16
Title
Error Notification <= 0.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-02-14
Title
My Tickets < 1.9.11 - Bulk Emailing via CSRF
Published
2021-06-30
Title
YITH Request a Quote for WooCommerce < 1.6.4 - Unauthorised AJAX call via CSRF