WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability
CVE-2022-40687

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Creative Mail (WordPress Plugin)
Vendor: CVE Published:; 28 October 2022

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.

Affected Version(s)

Creative Mail (WordPress plugin) <= 1.5.4 <= 1.5.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-40687-metasploit-scanner
Created by williamkhepri

References

https://patchstack.com/database/vulnerability/creative-ma...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Oct 28, 2022
👾
Exploit known to exist
Oct 28, 2022
Vulnerability published
Oct 28, 2022
Vulnerability Reserved
Oct 19, 2022

Credit

Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)