WordPress Plugin Vulnerabilities
Post SMTP Mailer/Email Log < 2.0.21 - CSRF Nonce Bypass
Description
A user could bypass the nonce check associated with Export mail to CSV handleCsvExport() function
Proof of Concept
Submit a request w/o the post-smtp-log-nonce parameter
Affects Plugins
Fixed in version 2.0.21
References
Classification
Miscellaneous
Original Researcher
Jerome Bruandet (nintechnet.com)
Submitter
VikeLite
Verified
No
Timeline
Publicly Published
2021-02-12 (about 2 years ago)
Added
2021-02-12 (about 2 years ago)
Last Updated
2021-03-03 (about 2 years ago)