WordPress MailMunch – Grow your Email List Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-41852

4.3MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
10 October 2023

What is CVE-2023-41852?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the MailMunch – Grow your Email List plugin for WordPress, affecting versions up to and including 3.1.2. This vulnerability allows attackers to trick users into executing unwanted actions on the website while authenticated. If exploited, it could lead to unauthorized changes or data exposure. Users are encouraged to update to the latest version to mitigate this risk.

Affected Version(s)

MailMunch – Grow your Email List <= 3.1.2

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abdi Pranata (Patchstack Alliance)
.