Vulnerability Description
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpdevart | Coming Soon And Maintenance Mode | < 3.6.8 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2659455Release NotesThird Party Advisory
- https://wpscan.com/vulnerability/1ab1748f-c939-4953-83fc-9df878da7714ExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2659455Release NotesThird Party Advisory
- https://wpscan.com/vulnerability/1ab1748f-c939-4953-83fc-9df878da7714ExploitThird Party Advisory
FAQ
What is CVE-2022-0199?
CVE-2022-0199 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary email...
How severe is CVE-2022-0199?
CVE-2022-0199 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-0199?
Check the references section above for vendor advisories and patch information. Affected products include: Wpdevart Coming Soon And Maintenance Mode.