WordPress Plugin Vulnerabilities

MailMunch – Grow your Email List < 3.1.3 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
mailmunch
Fixed in 3.1.3

References

CVE
CVE-2023-41852

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
46528429-9ffa-4f7b-9fd5-c2152bf84222

Timeline

Publicly Published
2023-09-05 (about 2 years ago)
Added
2023-10-10 (about 2 years ago)
Last Updated
2023-10-30 (about 2 years ago)

Other

Published
Title
Published
2025-06-27
Title
WP Optimizer <= 2.3.6 - Cross-Site Request Forgery
Published
2025-01-07
Title
Affiliate Disclosure Statement <= 0.3 - Cross-Site Request Forgery
Published
2024-06-28
Title
Elegant Pink < 1.3.1 - Cross-Site Request Forgery to Notice Dismissal
Published
2018-01-09
Title
Download Manager <= 2.9.60 - Cross-Site Request Forgery (CSRF)
Published
2023-07-10
Title
WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF