CVE-2024-5167

EUVD-2024-46416
The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist menu via a CSRF attack
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
cmindscm_e-mail_blacklist
𝑥
< 1.4.9
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
creativemindssolutionscm_email_registration_blacklist_and_whitelist
𝑥
< 1.4.9
ADP
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/67bb5ab8-4493-4f5b-a989-41576675b61a/
https://wpscan.com/vulnerability/67bb5ab8-4493-4f5b-a989-41576675b61a/