WordPress WP Mailster plugin <= 1.8.17.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-54355

8.8HIGH

Key Information:

Vendor: WordPress
Status: WP Mailster
Vendor: CVE Published:; 16 December 2024

What is CVE-2024-54355?

A Cross-Site Request Forgery (CSRF) vulnerability exists in WP Mailster, a popular mail management plugin by Brandtoss. This issue allows an attacker to trick users into executing unintended actions within the application, potentially compromising user accounts. Versions affected include all prior to 1.8.17.0. It is critical for users and website administrators to apply necessary updates and implement best practices to mitigate this security risk.

Affected Version(s)

WP Mailster <= 1.8.17.0

References

https://patchstack.com/database/wordpress/plugin/wp-mails...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Dec 2, 2024

Credit

Dhabaleshwar Das (Patchstack Alliance)