The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated user, with a role as low as subscriber, to send arbitrary emails to all subscribed users.
References
| Link | Resource |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2655973 | Patch |
| https://wpscan.com/vulnerability/942535f9-73bf-4467-872a-20075f03bc51 | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-02-21T10:46:00
Updated: 2023-07-24T09:20:46.249Z
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-0164
NVD Information
Status: Modified
Published: 2022-02-21T11:15:09.210
Modified: 2023-11-07T03:41:06.900
Link: CVE-2022-0164
Redhat Information
No data.