Vulnerability Description
The Mail Subscribe List WordPress plugin before 2.1.4 does not have a CSRF check in place when deleting subscribed users, which could allow attackers to make a logged-in admin perform that action and delete arbitrary users from the subscribed list.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webfwd | Mail Subscribe List | < 2.1.4 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/0e12ba6f-a86f-4cc6-9013-8a15586098d0 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-1603?
CVE-2022-1603 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Mail Subscribe List WordPress plugin before 2.1.4 does not have a CSRF check in place when deleting subscribed users, which could allow attackers to make a logged-in admin perform such action and de...
How severe is CVE-2022-1603?
CVE-2022-1603 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-1603?
Check the references section above for vendor advisories and patch information. Affected products include: Webfwd Mail Subscribe List.