Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-68907
HistoryAug 07, 2021 - 12:00 a.m.

WordPress Nifty Newsletters plugin cross-site request forgery vulnerability

2021-08-0700:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
wordpress
nifty newsletters
cross-site request forgery
php
sola_nl_wp_head
malicious requests

EPSS

0.001

Percentile

47.2%

JSON

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Nifty Newsletters plugin 4.0.23 and earlier versions are vulnerable to cross-site request forgery, which stems from the failure of the sola_nl_wp_head function in the sola-newletters.php file to The vulnerability is caused when the sola_nl_wp_head function in the sola-newletters.php file fails to adequately verify that the request is from a trusted user, and can be exploited to spoof malicious requests to trick victims into clicking through to perform sensitive actions.

Related

prion 1
cvelist 1
nvd 1
cve 1
wpvulndb 1
patchstack 1
prion
prion
Cross site request forgery (csrf)
2021-08-05 21:15:00
cvelist
cvelist
CVE-2021-34634 Nifty Newsletters <= 4.0.23 - Cross-Site Request Forgery to Stored Cross-Site Scripting
2021-08-05 20:13:56
nvd
nvd
CVE-2021-34634
2021-08-05 21:15:12
cve
cve
CVE-2021-34634
2021-08-05 21:15:12
wpvulndb
wpvulndb
Nifty Newsletters <= 4.0.23 - CSRF to Stored XSS
2021-07-30 00:00:00
patchstack
patchstack
WordPress Nifty Newsletters plugin <= 4.0.23 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
2021-07-30 00:00:00

EPSS

0.001

Percentile

47.2%

JSON
Related for CNVD-2022-68907
prion1cvelist1nvd1cve1wpvulndb1patchstack1