CVE-2015-10081 MEDIUM

CVE-2015-10081: arnoldle submitByMailPlugin edit_list.php cross-site request forgery

Vendor Arnoldle
Product submitByMailPlugin
Weakness CWE-352 · CSRF
Published February 20, 2023
Last update November 25, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The patch is named a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495.

Key dates

02Disclosure timeline

February 20, 2023 CVE published
November 25, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-3857 Cross-Site Request Forgery (CSRF) in GitLab CVE-2024-12634 Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-51688 WordPress FraudLabs Pro SMS Verification plugin <= 1.10.1 - CSRF to Stored XSS vulnerability CVE-2021-47730 Selea Targa IP Camera Cross-Site Request Forgery via Admin Creation CVE-2022-3776 Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 - Cross-Site Request Forgery