This issue occurs when a user signs up for a MailerLite account through a WordPress site. During the registration process, an attacker can exploit a CSRF vulnerability to change the account's API key. This allows the attacker to impersonate the target user, log in to the account and make requests with any API key they choose. It can be leveraged to access sensitive data, create fraudulent signups and obtain the victim's email address. The official MailerLite WordPress plugin is vulnerable to this CSRF attack, but users who signed up through the plugin do not have to worry about being compromised. To fix this issue, update to the latest version of the plugin.

How to check if your WordPress site is vulnerable?

To check whether a WordPress site is vulnerable, follow these steps:
1. Go to your WordPress dashboard and open the "Settings" interface
2. Go to the "Security & Maintenance" tab and then click "CSRF Protection"
3. If the option reads "Enabled" or "On", the website is vulnerable
4. If the option reads "Disabled", the website is not vulnerable
5. If the option reads "Temporary", MailerLite has temporarily reset its CSRF protection settings

Check if you’re vulnerable to a CSRF attack

You can check whether you are vulnerable to a CSRF attack by visiting this site:
https://www.whitehatsecurity.com/site/exploit/25018
If that site reports that you are vulnerable, your WordPress site is vulnerable as well.

MailerLite CSRF vulnerability – how it works

If a user signs up for a MailerLite account through the WordPress plugin, a CSRF vulnerability is present: a state-changing request that updates the API key is accepted without any token that ties it to the legitimate user's session. An attacker can therefore use a CSRF attack to change the API key of the target account. Having done so, the attacker can log in as the target and make requests with any API key they choose, and would then be able to access sensitive data, create fraudulent signups and obtain the victim's email address. However, because this plugin is used by people who have created accounts on their own website through it, they are not vulnerable to this issue. The vulnerability in this plugin was fixed in version 2.6.1 of the plugin, released on March 3rd 2018.
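The standard defence against this class of bug in a WordPress plugin is to bind every state-changing admin request to a nonce and a capability check. The following is an added example, not the MailerLite plugin's own code; the option name, action name and form field names are assumptions:

```php
<?php
// Added example (not MailerLite's code). "example_*" names are hypothetical.
// Register the handler that admin-post.php calls for our form's "action".
add_action( 'admin_post_example_save_api_key', 'example_save_api_key' );

function example_save_api_key() {
    // 1. Authorization: only users who may manage options can change the key.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    // 2. CSRF check: check_admin_referer() validates the nonce in $_POST['example_nonce']
    //    against the current user's session and the 'example_save_api_key' action.
    //    A forged cross-site form cannot supply a valid nonce, so it dies here.
    check_admin_referer( 'example_save_api_key', 'example_nonce' );

    // 3. Only now read and store the submitted value.
    $key = isset( $_POST['api_key'] )
        ? sanitize_text_field( wp_unslash( $_POST['api_key'] ) )
        : '';
    update_option( 'example_api_key', $key );

    wp_safe_redirect( admin_url( 'options-general.php?page=example&updated=1' ) );
    exit;
}

// The settings form that emits the matching nonce field.
function example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_api_key">
        <?php wp_nonce_field( 'example_save_api_key', 'example_nonce' ); ?>
        <label>API key
            <input type="text" name="api_key"
                   value="<?php echo esc_attr( get_option( 'example_api_key', '' ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

A handler that performs `update_option()` without the `check_admin_referer()` call is the vulnerable shape: any page the logged-in administrator visits can submit that form on their behalf.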

Timeline

Published on: 08/05/2022 16:15:00 UTC
Last modified on: 08/08/2022 17:37:00 UTC
