Published: 23/05/2014 Updated: 30/05/2014

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin prior to 5.2.0 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mail on update project mail on update
mail on update project mail on update 5.0.0

source: wwwsecurityfocuscom/bid/59932/info The Mail On Update plugin for WordPress is prone to a cross-site request-forgery vulnerability Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application Other attacks are also possible Mail On Update 510 is vulnerab ...

CWE-352 http://osvdb.org/93452 http://wordpress.org/plugins/mail-on-update/changelog http://secunia.com/advisories/53449 http://seclists.org/oss-sec/2013/q2/356 https://nvd.nist.gov https://www.exploit-db.com/exploits/38517/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-2107

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect