CVE-2013-2107

Name of the Vulnerable Software and Affected Versions Mail On Update plugin versions prior to 5.2.0

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate mailto parameter in the "mail-on-update" page to "wp-admin/options-general.php".

Recommendations For Mail On Update plugin versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "mail-on-update" page and the mailonupdate mailto parameter in the "wp-admin/options-general.php" endpoint until a patch is applied.