CVE-2024-13521

6.1 MEDIUM

📋 TL;DR

This CSRF vulnerability in the MailUp Auto Subscription WordPress plugin allows unauthenticated attackers to change plugin settings and inject malicious scripts into them, because the plugin's mas_options settings handler does not validate a nonce. The attacker needs no credentials of their own: they trick a logged-in administrator into visiting an attacker-controlled page (for example by clicking a link), and the browser submits the forged settings request with the administrator's session cookie. All WordPress sites running this plugin up to and including version 1.1.0 are affected.

💻 Affected Systems

Products:
  • MailUp Auto Subscription WordPress Plugin
Versions: All versions up to and including 1.1.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the vulnerable plugin active. Requires administrator interaction for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could inject persistent malicious scripts into WordPress settings, leading to site defacement, credential theft via keyloggers, or malware distribution to visitors.

🟠

Likely Case

Attackers modify subscription settings to redirect users, collect email addresses maliciously, or inject ads/SEO spam into the site.

🟢

If Mitigated

With nonce validation in place (version 1.2.0 and later), WordPress rejects the forged request before any setting is written, so an exploitation attempt produces nothing more than a failed request and an "expired link" page for the administrator.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CSRF attacks are well understood and easy to weaponize: the exploit is a web page that auto-submits a form containing the plugin's settings fields to the site's admin endpoint. No plugin-specific exploit code is needed beyond the field names, which are readable in the plugin's source.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.0

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3060078%40mailup-auto-subscribtion%2Ftags%2F1.1.0&new=3229728%40mailup-auto-subscribtion%2Ftags%2F1.2.0

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'MailUp Auto Subscription'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 1.2.0 from WordPress.org and replace the plugin files.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily deactivate the vulnerable plugin until patched

wp plugin deactivate mailup-auto-subscription

Note: the plugin's repository slug in the changeset URL above is spelled mailup-auto-subscribtion, so the slug on your site may differ from the one shown here. Confirm it with `wp plugin list --status=active` before running the command.

Add CSRF Protection Manually

all

Add nonce validation to the mas_options function in plugin code

Edit wp-content/plugins/mailup-auto-subscription/includes/class-mailup-auto-subscription.php (the folder name follows the installed plugin slug, which may be spelled mailup-auto-subscribtion) and add a check_admin_referer() or wp_verify_nonce() check at the top of the settings handler, with a matching wp_nonce_field() in the settings form. A hand edit is overwritten by the next plugin update, so treat this as a stopgap until 1.2.0 is installed.
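The following is an added example, not the plugin's own code, showing the settings-handler pattern behind this class of bug (a save routine with no nonce check) next to the same routine hardened with the WordPress nonce and capability APIs. The form action name (mas_options), the option key ('mas_options') and the two fields (list_id, intro) are assumptions chosen for illustration; the real plugin's field names must be taken from its source.

```php
<?php
// Added example, not the plugin's own code. Assumptions (illustrative only):
// the settings form posts to admin-post.php with action=mas_options, the
// values are stored under the 'mas_options' option, and the fields are
// list_id and intro.

/* BEFORE (vulnerable): every request that carries the administrator's session
 * cookie is honoured, including one auto-submitted by an attacker's page.
 * Raw HTML in 'intro' is stored and later rendered, which is how a CSRF on a
 * settings page turns into stored script injection. */
function mas_options_vulnerable() {
    $opts = array(
        'list_id' => $_POST['list_id'],
        'intro'   => $_POST['intro'],
    );
    update_option( 'mas_options', $opts );
    wp_redirect( admin_url( 'options-general.php?page=mas&updated=1' ) );
    exit;
}

/* AFTER: the form carries a nonce tied to the action and the logged-in user,
 * and the handler refuses to write anything until that nonce verifies. */
function mas_options_render_form() {
    $opts = get_option( 'mas_options', array( 'list_id' => 0, 'intro' => '' ) );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'mas_save_options', 'mas_nonce' ); ?>
        <input type="hidden" name="action" value="mas_options">
        <input type="number" name="list_id" value="<?php echo esc_attr( $opts['list_id'] ); ?>">
        <textarea name="intro"><?php echo esc_textarea( $opts['intro'] ); ?></textarea>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function mas_options_hardened() {
    // 1. Authorisation: only users allowed to change site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change these settings.', 403 );
    }

    // 2. CSRF defence: check_admin_referer() verifies the nonce in the
    //    'mas_nonce' field and calls wp_die() with a 403 when it is missing
    //    or invalid, so a forged cross-site request never reaches update_option().
    check_admin_referer( 'mas_save_options', 'mas_nonce' );

    // 3. Defence in depth: sanitise before storing, so even a legitimate
    //    administrator cannot persist <script> tags through this field.
    $opts = array(
        'list_id' => absint( $_POST['list_id'] ?? 0 ),
        'intro'   => wp_kses_post( wp_unslash( $_POST['intro'] ?? '' ) ),
    );
    update_option( 'mas_options', $opts );

    wp_safe_redirect( admin_url( 'options-general.php?page=mas&updated=1' ) );
    exit;
}
add_action( 'admin_post_mas_options', 'mas_options_hardened' );
```

The nonce alone closes the CSRF; the capability check and the wp_kses_post() sanitisation are there so that a future bypass of one control does not immediately give stored script injection.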

🧯 If You Can't Patch

  • Deploy a Content Security Policy that blocks inline and off-site scripts on the public site. This limits what an injected script can do but does not stop the CSRF itself, and the WordPress admin relies on inline scripts, so test any policy applied to /wp-admin/ carefully.
  • Use a WAF or WordPress security plugin to reject POST requests to the plugin's settings endpoint whose Origin or Referer header is not your own site; a nonce check in the plugin is still the proper fix.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins → MailUp Auto Subscription → Version. If version is 1.1.0 or lower, you're vulnerable.

Check Version:

wp plugin get mailup-auto-subscription --field=version

If the command reports that the plugin is not installed, check the slug with `wp plugin list`; the WordPress.org repository slug in the changeset URL above is spelled mailup-auto-subscribtion.

Verify Fix Applied:

After update, verify plugin version shows 1.2.0 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to the plugin's settings endpoint (the SIEM query below assumes /wp-admin/admin-post.php with action=mas_options; confirm the endpoint and parameter name against the installed plugin source) whose Referer or Origin header is not your own site, or is absent
  • Nonce failures. WordPress core only shows the "link you followed has expired" page and does not log them, so this indicator exists only where a security plugin or WAF records rejected requests, and only after the patch, since the vulnerable version performs no nonce check
  • Plugin settings that changed during a legitimate administrator session without the administrator having made the change. In a CSRF the forged request rides on the victim's own authenticated session, so there is no separate attacker login to look for

Network Indicators:

  • POST requests to the settings endpoint carrying a Referer or Origin header that points to an external domain, or no Referer at all

Database Indicators:

  • Unexpected <script>, <iframe> or redirect markup in the plugin's stored settings (inspect the plugin's rows in the wp_options table)

SIEM Query:

source="wordpress" AND (uri_path="/wp-admin/admin-post.php" AND parameters.action="mas_options")
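As an added example of the Referer-based indicator above, run over constructed access-log lines (not real traffic from any site), the script below flags POSTs to /wp-admin/admin-post.php whose Referer is off-site or missing. It is not part of the page's vendor advisory or any product. It assumes the standard Apache/nginx "combined" log format and that you know your site's canonical admin hostname; the action parameter is in the POST body, which access logs do not record, so matches still need correlating with plugin or WAF logs to confirm action=mas_options.

```php
<?php
// Added example, not vendor code. Hunts for CSRF-shaped POSTs in a "combined"
// format access log: POST to admin-post.php with a Referer that is not our
// own host, or no Referer at all. Run with: php csrf_hunt.php

// Regex for the combined log format: ip ident user [time] "method path proto" status bytes "referer" "ua"
const LOG_RE = '/^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"/';

function parse_combined_line( string $line ): ?array {
    if ( ! preg_match( LOG_RE, $line, $m ) ) {
        return null; // not a combined-format line; skip it
    }
    return array(
        'ip'      => $m[1],
        'time'    => $m[3],
        'method'  => $m[4],
        'path'    => $m[5],
        'status'  => (int) $m[6],
        'referer' => $m[7],
        'ua'      => $m[8],
    );
}

// Returns null when the Referer is our own site, otherwise a reason string.
function classify_referer( string $referer, string $site_host ): ?string {
    if ( $referer === '' || $referer === '-' ) {
        return 'missing_referer'; // browsers may strip it; still worth a look
    }
    $host = parse_url( $referer, PHP_URL_HOST );
    if ( $host === null || $host === false ) {
        return 'unparseable_referer';
    }
    return strcasecmp( $host, $site_host ) === 0 ? null : 'external_referer';
}

function find_suspicious_admin_posts( array $lines, string $site_host ): array {
    $hits = array();
    foreach ( $lines as $line ) {
        $r = parse_combined_line( $line );
        if ( $r === null || $r['method'] !== 'POST' ) {
            continue;
        }
        // Only the admin-post.php endpoint; the action parameter lives in the
        // POST body, which access logs do not record.
        if ( strpos( $r['path'], '/wp-admin/admin-post.php' ) !== 0 ) {
            continue;
        }
        $reason = classify_referer( $r['referer'], $site_host );
        if ( $reason !== null ) {
            $hits[] = array(
                'time'    => $r['time'],
                'ip'      => $r['ip'],
                'referer' => $r['referer'],
                'reason'  => $reason,
            );
        }
    }
    return $hits;
}

// Constructed sample lines (not real traffic). Line 1 is a normal settings
// save; lines 2 and 3 are the two CSRF-shaped cases; line 4 is unrelated.
$sample = array(
    '203.0.113.5 - - [12/Feb/2025:10:15:02 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://example.com/wp-admin/options-general.php?page=mas" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Feb/2025:10:17:44 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://evil.example.net/free-gift.html" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Feb/2025:10:18:01 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Feb/2025:10:19:30 +0000] "GET /wp-login.php HTTP/1.1" 200 1234 "-" "curl/8.0"',
);

foreach ( find_suspicious_admin_posts( $sample, 'example.com' ) as $h ) {
    printf( "%s %s referer=%s (%s)\n", $h['time'], $h['ip'], $h['referer'], $h['reason'] );
}
```

On the sample input the script reports the second and third lines only. Replace $sample with file() over your real access log, and treat a missing Referer as a lower-confidence signal than an external one, since privacy settings and some browsers strip the header on legitimate requests.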

🔗 References
