Title: CSRF vulnerability
Last modified: September 28, 2022

---

# CSRF vulnerability

 *  [dstamos](https://wordpress.org/support/users/dstamos/)
 * (@dstamos)
 * [3 years, 8 months ago](https://wordpress.org/support/topic/csrf-vulnerability/)
 * I get the following Message about your plugin saying that your plugin has a vulnerability.
   Is this true and if so when will the vulnerability be fixed? Please Advise ASAP.
 * WordPress Manage Notification E-mails plugin <= 1.8.2 – Cross-Site Request Forgery(
   CSRF) vulnerability

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Idel](https://wordpress.org/support/users/freetanga/)
 * (@freetanga)
 * [3 years, 8 months ago](https://wordpress.org/support/topic/csrf-vulnerability/#post-16049802)
 * +1
 * Thank you.
 *  [sexcuk](https://wordpress.org/support/users/sexcuk/)
 * (@sexcuk)
 * [3 years, 8 months ago](https://wordpress.org/support/topic/csrf-vulnerability/#post-16050180)
 * We get the same warning as well and we use this plugin for every website we own.
 * WordPress Manage Notification E-mails plugin <= 1.8.2 – Cross-Site Request Forgery(
   CSRF) vulnerability.
    -  This reply was modified 3 years, 8 months ago by [Yui](https://wordpress.org/support/users/fierevere/).
    -  This reply was modified 3 years, 8 months ago by [sexcuk](https://wordpress.org/support/users/sexcuk/).
 *  [scmsteve](https://wordpress.org/support/users/scmsteve/)
 * (@scmsteve)
 * [3 years, 8 months ago](https://wordpress.org/support/topic/csrf-vulnerability/#post-16052107)
 * I wish the problem report had more information. I did look into this a bit to
   see if it could be mitigated with a hotfix, but I only see $_POST data being 
   evaluated in one location, and in that location checks are made for both current_user_can()
   as well as check_admin_referrer(). But this isn’t my area so there may yet be
   some other security hole in here.
 *  [scmsteve](https://wordpress.org/support/users/scmsteve/)
 * (@scmsteve)
 * [3 years, 8 months ago](https://wordpress.org/support/topic/csrf-vulnerability/#post-16052703)
 * 1.8.3 is out to fix this. Quick response! Thanks!!

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘CSRF vulnerability’ is closed to new replies.

 * ![](https://ps.w.org/manage-notification-emails/assets/icon-256x256.png?rev=1242800)
 * [Manage Notification E-mails](https://wordpress.org/plugins/manage-notification-emails/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/manage-notification-emails/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/manage-notification-emails/)
 * [Active Topics](https://wordpress.org/support/plugin/manage-notification-emails/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/manage-notification-emails/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/manage-notification-emails/reviews/)

 * 7 replies
 * 4 participants
 * Last reply from: [scmsteve](https://wordpress.org/support/users/scmsteve/)
 * Last activity: [3 years, 8 months ago](https://wordpress.org/support/topic/csrf-vulnerability/#post-16052703)
 * Status: not resolved