MC4WP: Mailchimp for WordPress < 4.8.5 – Unauthorised Actions via CSRF | Plugin Vulnerabilities

Description

The plugin did not properly check for CSRF in some of its actions handled by the listen_for_actions method (hooked as admin_init), allowing attackers to make logged in users with the manage_options capability do unwanted actions such as empty the logs, dismiss notice and so on

Proof of Concept

https://example.com/wp-admin/admin.php?_mc4wp_action=empty_debug_log
https://example.com/wp-admin/admin.php?_mc4wp_action=dismiss_review_notice
https://example.com/wp-admin/admin.php?_mc4wp_action=renew_lists_cache
https://example.com/wp-admin/admin.php?_mc4wp_action=dismiss_api_key_notice

Affects Plugins

mailchimp-for-wp

Fixed in 4.8.5

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

e84e1fa5-a947-4b2c-a134-19e9b07385b4

Timeline

Publicly Published

2021-06-01 (about 4 years ago)

Added

2021-06-01 (about 4 years ago)

Last Updated

2021-06-01 (about 4 years ago)

Other

Published

Title

Published

2023-06-26

Title

WooCommerce Ship to Multiple Addresses < 3.8.6 - Billing Address Update via CSRF

Published

2023-11-14

Title

Thrive Theme Builder < 3.24.2 - Cross-Site Request Forgery

Published

2025-11-08

Title

New User Approve <= 3.2.0 - Cross-Site Request Forgery

Published

2025-01-07

Title

Admin debug wordpress – enable debug <= 1.0.13 - Cross-Site Request Forgery

Published

2022-05-26

Title

Seamless Donations < 5.1.9 - Arbitrary Settings Update via CSRF