PT-2019-7368 · WordPress · Alo-Easymail Plugin

Published

2019-09-25

Updated

2019-09-26

CVE-2015-9409

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions alo-easymail plugin versions prior to 2.6.01

Description The issue concerns a CSRF vulnerability that leads to XSS in the alo-easymail plugin for WordPress, specifically affecting the pages/alo-easymail-admin-options.php page. The pages/alo-easymail-admin-options.php page is vulnerable due to the lack of proper CSRF protection, allowing an attacker to perform actions on behalf of a user and potentially execute malicious scripts.

Recommendations For versions prior to 2.6.01, update to version 2.6.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the pages/alo-easymail-admin-options.php page to minimize the risk of exploitation.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2015-9409

Affected Products

Alo-Easymail Plugin

PT-2019-7368 · WordPress · Alo-Easymail Plugin

CVE-2015-9409

Weakness Enumeration

Related Identifiers

Affected Products

References · 6