CVE-2022-0199

Severity: 4.3 MEDIUM
EPSS: 0.1% (top 71.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 21; Latest update Feb 22

Description

The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have a CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make a logged-in admin send arbitrary emails to all subscribed users via a CSRF attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 2 packages

🔴Vulnerability Details (2)

GHSA
GHSA-4hmp-c47h-m87p: The Coming soon and Maintenance mode WordPress plugin before 3 (2022-02-22)
CVEList
Coming soon and Maintenance mode < 3.6.8 - Arbitrary Email Sending to Subscribed Users via CSRF (2022-02-21)

📋Vendor Advisories (1)

CISA
Microsoft Office and WordPad Remote Code Execution Vulnerability (2021-11-03)
CVE-2022-0199 (MEDIUM CVSS 4.3) | The Coming soon and Maintenance mod | cvebase.io