Headline
CVE-2022-40686: WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.
Verified
Fixed
5.4
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 1.5.4
PSID
44e5f3f1a978
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Publicly disclosed
2022-10-28
Details
Cross-Site Request Forgery (CSRF) vulnerability was discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress Creative Mail plugin (versions <= 1.5.4).
Solution
Update the WordPress Creative Mail plugin to the latest available version (at least 1.6.0).
References