Description

WordPress Plugin SMTP Mailer is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin SMTP Mailer version 1.0.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.0.7 or latest

References

https://www.pluginvulnerabilities.com/2019/03/29/cross-site-request-forgery-csrf-email-sending-vulnerability-in-smtp-mailer/

https://plugins.svn.wordpress.org/smtp-mailer/trunk/readme.txt

Related Vulnerabilities

Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-7187)

RubyGems Improper Input Validation Vulnerability (CVE-2017-0900)

FileBird-WordPress Media Library Folders & File Manager SQL Injection (4.7.3)

MediaWiki Improper Input Validation Vulnerability (CVE-2013-6453)

Quick Post Widget Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.9.1)

Severity

High

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update CSRF