Post SMTP Mailer/Email Log < 2.0.21 – CSRF Nonce Bypass | CVE 2021-4422

Affects Plugins

post-smtp

Fixed in 2.0.21

References

CVE

CVE-2021-4422

URL

https://plugins.trac.wordpress.org/changeset/2473579

URL

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet.com)

Submitter

VikeLite

Verified

No

WPVDB ID

6b74a8bd-06fc-495c-a95e-c93367d6d7d0

Timeline

Publicly Published

2021-02-12 (about 5 years ago)

Added

2021-02-12 (about 5 years ago)

Last Updated

2023-07-12 (about 2 years ago)

Other

Published

Title

Published

2024-12-10

Title

WPC Order Notes for WooCommerce < 1.5.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

Published

2023-02-17

Title

Extensions For CF7 < 2.0.9 - Arbitrary Plugin Activation via CSRF

Published

2022-03-30

Title

Use Any Font < 6.2.1 - API Key Deactivation via CSRF

Published

2023-05-09

Title

CM On Demand Search And Replace < 1.3.1 - Multiple CSRF

Published

2024-11-01

Title

e-shops <= 1.0.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting