Email Users <= 4.8.3 – Cross-Site Request Forgery (CSRF)

Affects Plugins

email-users

Fixed in 4.8.4

References

URL

https://seclists.org/fulldisclosure/2016/Aug/71

URL

https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_vulnerability_in_email_users_wordpress_plugin.html

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

cf3e7bb9-1e3c-493a-abeb-54c38b2d37c2

Timeline

Publicly Published

2016-08-15 (about 9 years ago)

Added

2016-08-16 (about 9 years ago)

Last Updated

2022-05-18 (about 3 years ago)

Other

Published

Title

Published

2022-12-05

Title

Loginizer <= 1.7.5 - Cross-Site Request Forgery

Published

2023-09-01

Title

Responsive Gallery Grid < 2.3.14 - Settings Update via CSRF

Published

2019-02-28

Title

Smart Forms < 2.6.16 - Cross-Site Request Forgery (CSRF)

Published

2025-04-16

Title

Internal Link Optimiser < 5.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-10-17

Title

Freesoul Deactivate Plugins < 2.1.4 - Cross-Site Request Forgery via eos_dp_pro_delete_transient