Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in CM Email Registration Blacklist and Whitelist 1.4.8

  • Severity: medium-risk
  • Status: Fixed
  • Publication: June 22, 2024

A popular plugin for WordPress called “CM Email Registration Blacklist and Whitelist” has a security issue where unauthorized people can make changes to the plugin. This is because the plugin doesn’t properly check for a security code before allowing changes to be made. This means that someone who is not logged in or authorized could add or delete email addresses and change the list of blocked or allowed emails. They can do this by tricking the person who manages the website into clicking on a link.

Detected in:

CM E-Mail Blacklist – Simple email filtering for safer registration fixed vulnerable versions:
CM E-Mail Registration Blacklist fixed vulnerable versions:
CM Email Registration Blacklist and Whitelist fixed vulnerable versions: >= * <= 1.4.8
Name: CM E-Mail Registration Blacklist fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.