DeBounce Email Validator WordPress Plugin Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the DeBounce Email Validator plugin for WordPress, affecting all versions through 5.7. The vulnerability arises from inadequate nonce validation on the 'debounce_email_validator' page, allowing unauthenticated attackers to manipulate settings and inject malicious scripts. Exploitation requires tricking a site administrator into clicking a link.

Impact

Exploitation of this vulnerability allows for Cross-Site Request Forgery, where an attacker can perform actions on behalf of a user without their consent. This could lead to unauthorized changes in settings or the injection of malicious scripts that could be executed in the context of the user.

Remediation

No known patch is available for this vulnerability. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.