WordPress Plugin Vulnerabilities

MailOptin < 1.2.50.0 - Unauthenticated Campaign Cache Deletion

Description

The plugin does not have authorisation an CSRF checks when deleting campaign cache, which could allow any unauthenticated users to delete it (either directly or via a CSRF attack)

Affects Plugins

Plugin icon
mailoptin
Fixed in 1.2.50.0

References

CVE
CVE-2022-36340

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
b9154128-2a30-450e-adc1-4c946cf9784f

Timeline

Publicly Published
2022-09-23 (about 3 years ago)
Added
2022-09-25 (about 3 years ago)
Last Updated
2022-09-25 (about 3 years ago)

Other

Published
Title
Published
2024-04-05
Title
EmbedPress < 3.9.12 - Missing Authorization
Published
2024-01-12
Title
The Events Calendar < 6.2.9 - Unauthenticated Sensitive Information Exposure
Published
2025-06-04
Title
Team Builder <= 1.5.7 - Missing Authorization
Published
2024-08-01
Title
Sign-up Sheets < 2.2.13 - Missing Authorization
Published
2025-10-17
Title
Admin Management Xtended <= 2.5.1 - Missing Authorization