A medium-severity vulnerability, CVE-2024-13521, was detected in the MailUp Auto Subscription plugin for WordPress, versions 1.1.0 and prior. It allows unauthenticated attackers to perform cross-site request forgery (CSRF) attacks: by tricking a site administrator into clicking a link, they can update settings and inject malicious web scripts. To address this issue, users should upgrade the MailUp Auto Subscription plugin to version 1.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13521.
WordPress: Cross-Site Request Forgery (CSRF) Vulnerability in MailUp Auto Subscription Plugin
by the Hossted team
29.01.2025