CVE-2022-0164
Coming soon and Maintenance mode < 3.6.7 - Subscriber+ Arbitrary Email Sending to Subscribed Users
Public Exploits: 1
Exploited in Wild: -
Descriptions
The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated user, with a role as low as subscriber, to send arbitrary emails to all subscribed users.
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated user, with a role as low as subscriber, to send arbitrary emails to all subscribed users.
Timeline
- 2022-01-10 CVE Reserved
- 2022-01-24 CVE Published
- 2023-09-14 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
- CWE-862: Missing Authorization
- CWE-863: Incorrect Authorization
References (2)
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/942535f9-73bf-4467-872a-20075f03bc51 | 2024-08-02 |
https://plugins.trac.wordpress.org/changeset/2655973 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wpdevart | Coming Soon And Maintenance Mode | < 3.5.3 | wordpress | Affected |