• I get the following message about your plugin saying that your plugin has a vulnerability. Is this true, and if so, when will the vulnerability be fixed? Please advise ASAP.

    WordPress Manage Notification E-mails plugin <= 1.8.2 – Cross-Site Request Forgery (CSRF) vulnerability

  • +1

    Thank you.

    We get the same warning as well and we use this plugin for every website we own.

    WordPress Manage Notification E-mails plugin <= 1.8.2 – Cross-Site Request Forgery (CSRF) vulnerability.


    I wish the problem report had more information. I did look into this a bit to see if it could be mitigated with a hotfix, but I only see $_POST data being evaluated in one location, and in that location checks are made for both current_user_can() and check_admin_referer(). But this isn’t my area, so there may yet be some other security hole in here.

    1.8.3 is out to fix this. Quick response! Thanks!!
