NS Maintenance Mode for WP WordPress Plugin Unauthenticated Subscriber Export Vulnerability

Vulnerability

A vulnerability exists in the NS Maintenance Mode for WP WordPress plugin, affecting versions through 1.3.1. The issue arises because the plugin's subscriber export function lacks proper authorization, allowing unauthenticated attackers to download a CSV file containing the names and email addresses of a site's subscribers.

Impact

Exploitation of this vulnerability gives an unauthenticated attacker access to subscriber information, including names and email addresses, which could be used for malicious purposes such as phishing attacks against the site's subscribers.

Reproduction

To reproduce this vulnerability, first activate the NS Maintenance Mode for WP WordPress plugin. Then, go to the Subscribers menu, where the plugin registers a public 'subscriber' post type. Add new subscribers by entering their names and email addresses. After creating multiple subscribers, the vulnerability can be exploited by sending a POST request to 'wp-admin/admin-ajax.php' with the action 'ns_mm_create_csv_subscriber'. This request will trigger the export function and return a CSV file with the subscriber data.
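The fix for this class of bug is to gate the AJAX export behind an authorization check rather than exposing it to anonymous callers. The following hardened handler is an added example written for this advisory, not the plugin's own code: it assumes the action name 'ns_mm_create_csv_subscriber' from the reproduction above, that subscribers are stored as posts of the 'subscriber' post type with the email in post meta, and an assumed nonce action name.

```php
<?php
// Added example (not the plugin's code): a hardened subscriber CSV export.
// Register the callback ONLY on the logged-in 'wp_ajax_' hook. There is
// deliberately no 'wp_ajax_nopriv_' registration, so WordPress core rejects
// unauthenticated requests for this action before the callback runs.
add_action( 'wp_ajax_ns_mm_create_csv_subscriber', 'ns_mm_export_subscribers_csv' );

function ns_mm_export_subscribers_csv() {
    // Authorization: exporting subscriber PII is an administrative action,
    // so require a capability rather than merely a logged-in session.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // CSRF protection: the request must carry a nonce issued for this action
    // (nonce action name 'ns_mm_export_subscribers' is an assumption).
    check_ajax_referer( 'ns_mm_export_subscribers', 'nonce' );

    $subscribers = get_posts( array(
        'post_type'      => 'subscriber',
        'post_status'    => 'any',
        'posts_per_page' => -1,
    ) );

    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="subscribers.csv"' );

    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'name', 'email' ) );
    foreach ( $subscribers as $post ) {
        // Assumed storage layout: name in post_title, email in meta key 'email'.
        $email = get_post_meta( $post->ID, 'email', true );
        fputcsv( $out, array( $post->post_title, $email ) );
    }
    fclose( $out );
    wp_die();
}
```

The admin page that triggers the export must include the matching nonce (wp_create_nonce( 'ns_mm_export_subscribers' )) as the 'nonce' request parameter, otherwise check_ajax_referer() terminates the request.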

Added: Oct 22, 2025, 6:18 AM
Updated: Oct 22, 2025, 6:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.