ГлавнаяУязвимости → CVE-2024-5167
8.1высокая

CVE-2024-5167

Описание

The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist menu via a CSRF attack

Затрагиваемое ПО
Cminds Cm e-mail blacklist
CVSS
Балл8.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Источники
https://wpscan.com/vulnerability/67bb5ab8-4493-4f5b-a989-41576675b61a/https://wpscan.com/vulnerability/67bb5ab8-4493-4f5b-a989-41576675b61a/