PT-2024-34814 · WordPress · Cm Email Registration Blacklist/Whitelist

Felipe Caon · Published 2024-07-13 · Updated 2025-09-02 · CVE-2024-5167

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

CM Email Registration Blacklist and Whitelist WordPress plugin versions prior to 1.4.9

Description

The issue allows attackers to perform actions on the blacklist or whitelist menu without the admin's knowledge or consent, potentially leading to unauthorized changes to settings. This is possible due to the lack of a CSRF check when adding or deleting items from the blacklist or whitelist.

Recommendations

For CM Email Registration Blacklist and Whitelist WordPress plugin versions prior to 1.4.9, update to version 1.4.9 or later to resolve the issue.
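For readers auditing similar plugins, the following added example (not code from the CM plugin or its fix) shows a WordPress admin handler for list add/delete actions with the standard nonce-based CSRF check in place. The option name, action name, field names and function names are hypothetical.

```php
<?php
// Added illustration: hypothetical plugin code, not taken from the CM plugin.
// Option, action, field and function names below are assumptions.
const DEMO_LIST_OPTION  = 'demo_email_blacklist';
const DEMO_NONCE_ACTION = 'demo_blacklist_edit';

// Settings form: wp_nonce_field() embeds a token bound to the logged-in
// user and to this action, which a cross-site page cannot read or forge.
function demo_render_blacklist_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_blacklist_edit">
        <?php wp_nonce_field( DEMO_NONCE_ACTION, 'demo_nonce' ); ?>
        <input type="text" name="entry">
        <button name="op" value="add">Add</button>
        <button name="op" value="delete">Delete</button>
    </form>
    <?php
}

// Handler for POSTs to admin-post.php with action=demo_blacklist_edit.
function demo_handle_blacklist_edit() {
    // Authorization: only users who can manage options may edit the list.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // CSRF check: stops the request unless a valid nonce is present.
    // A handler without this line changes state on any request that
    // carries the admin's session cookie, which is the weakness class
    // described above.
    check_admin_referer( DEMO_NONCE_ACTION, 'demo_nonce' );

    $entry = isset( $_POST['entry'] ) ? sanitize_text_field( wp_unslash( $_POST['entry'] ) ) : '';
    $op    = isset( $_POST['op'] ) ? sanitize_key( $_POST['op'] ) : '';
    $list  = (array) get_option( DEMO_LIST_OPTION, array() );

    if ( 'add' === $op && '' !== $entry && ! in_array( $entry, $list, true ) ) {
        $list[] = $entry;
    } elseif ( 'delete' === $op ) {
        $list = array_values( array_diff( $list, array( $entry ) ) );
    }
    update_option( DEMO_LIST_OPTION, $list );

    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : admin_url() );
    exit;
}
add_action( 'admin_post_demo_blacklist_edit', 'demo_handle_blacklist_edit' );
```

When reviewing a plugin, check that every state-changing admin handler has both the capability check and the nonce check, and that the change is made via POST rather than a GET link.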

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-5167

Affected Products

Cm Email Registration Blacklist/Whitelist