2 vulnerabilities found for Mail Subscribe List by Unknown
CVE-2022-1603 (GCVE-0-2022-1603)
Vulnerability from nvd – Published: 2022-06-20 10:25 – Updated: 2024-08-03 00:10
Title
Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF
Summary
The Mail Subscribe List WordPress plugin before 2.1.4 does not have a CSRF check in place when deleting subscribed users, which could allow attackers to make a logged-in admin perform this action and delete arbitrary users from the subscribed list.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/0e12ba6f-a86f-4cc6-9013-8a15586098d0 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Mail Subscribe List | Affected: 2.1.4, < 2.1.4 (custom), i.e. all versions before 2.1.4 | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/0e12ba6f-a86f-4cc6-9013-8a15586098d0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mail Subscribe List",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1.4",
"status": "affected",
"version": "2.1.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T10:25:51.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/0e12ba6f-a86f-4cc6-9013-8a15586098d0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Mail Subscribe List \u003c 2.1.4 - Arbitrary Subscribed User Deletion via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1603",
"STATE": "PUBLIC",
"TITLE": "Mail Subscribe List \u003c 2.1.4 - Arbitrary Subscribed User Deletion via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mail Subscribe List",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.1.4",
"version_value": "2.1.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/0e12ba6f-a86f-4cc6-9013-8a15586098d0",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0e12ba6f-a86f-4cc6-9013-8a15586098d0"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1603",
"datePublished": "2022-06-20T10:25:51.000Z",
"dateReserved": "2022-05-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1603 (GCVE-0-2022-1603)
Vulnerability from cvelistv5 – Published: 2022-06-20 10:25 – Updated: 2024-08-03 00:10
Title
Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF
Summary
The Mail Subscribe List WordPress plugin before 2.1.4 does not have a CSRF check in place when deleting subscribed users, which could allow attackers to make a logged-in admin perform this action and delete arbitrary users from the subscribed list.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/0e12ba6f-a86f-4cc6-9013-8a15586098d0 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Mail Subscribe List | Affected: 2.1.4, < 2.1.4 (custom), i.e. all versions before 2.1.4 | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/0e12ba6f-a86f-4cc6-9013-8a15586098d0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mail Subscribe List",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1.4",
"status": "affected",
"version": "2.1.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T10:25:51.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/0e12ba6f-a86f-4cc6-9013-8a15586098d0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Mail Subscribe List \u003c 2.1.4 - Arbitrary Subscribed User Deletion via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1603",
"STATE": "PUBLIC",
"TITLE": "Mail Subscribe List \u003c 2.1.4 - Arbitrary Subscribed User Deletion via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mail Subscribe List",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.1.4",
"version_value": "2.1.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/0e12ba6f-a86f-4cc6-9013-8a15586098d0",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0e12ba6f-a86f-4cc6-9013-8a15586098d0"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1603",
"datePublished": "2022-06-20T10:25:51.000Z",
"dateReserved": "2022-05-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}