WordPress Plugin Vulnerabilities

MailerLite - Signup forms (official) < 1.5.8 - API Key Update via CSRF

Description

The plugin does not have CSRF check in place when updating its API key, which could allow attackers to make a logged in admin change it via a CSRF attack

Affects Plugins

Plugin icon
official-mailerlite-sign-up-forms
Fixed in 1.5.8

References

CVE
CVE-2022-33201

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
dcce9241-4903-40dc-98d1-0abc30a3f779

Timeline

Publicly Published
2022-08-01 (about 1 years ago)
Added
2022-08-06 (about 1 years ago)
Last Updated
2023-04-12 (about 1 years ago)

Other

Published
Title
Published
2024-04-11
Title
Side Menu Lite < 4.2.1 - Menu Deletion via CSRF
Published
2023-05-30
Title
Ultimate Member < 2.6.1 - Form Duplication via CSRF
Published
2023-10-06
Title
GoodBarber < 1.0.24 - Settings Update via CSRF
Published
2022-06-20
Title
Cache Images < 3.2.1 - Image Upload / Import via CSRF
Published
2021-03-26
Title
Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta