Lucene search
HistoryAug 26, 2014 - 2:55 p.m.
CVE-2014-3907
mailpoet newsletters
wordpress
csrf
vulnerability
cve-2014-3907
nvd
authentication
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
52.6%
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
Affected configurations
Node
mailpoetmailpoet_newslettersRange≤2.6.10wordpress
ORmailpoetmailpoet_newslettersMatch0.9wordpress
ORmailpoetmailpoet_newslettersMatch0.9.1wordpress
ORmailpoetmailpoet_newslettersMatch0.9.2wordpress
ORmailpoetmailpoet_newslettersMatch0.9.6wordpress
ORmailpoetmailpoet_newslettersMatch1.0wordpress
ORmailpoetmailpoet_newslettersMatch1.0.1wordpress
ORmailpoetmailpoet_newslettersMatch1.1wordpress
ORmailpoetmailpoet_newslettersMatch1.1.1wordpress
ORmailpoetmailpoet_newslettersMatch1.1.2wordpress
ORmailpoetmailpoet_newslettersMatch1.1.3wordpress
ORmailpoetmailpoet_newslettersMatch1.1.4wordpress
ORmailpoetmailpoet_newslettersMatch1.1.5wordpress
ORmailpoetmailpoet_newslettersMatch2.0wordpress
ORmailpoetmailpoet_newslettersMatch2.0.1wordpress
ORmailpoetmailpoet_newslettersMatch2.0.2wordpress
ORmailpoetmailpoet_newslettersMatch2.0.3wordpress
ORmailpoetmailpoet_newslettersMatch2.0.4wordpress
ORmailpoetmailpoet_newslettersMatch2.0.5wordpress
ORmailpoetmailpoet_newslettersMatch2.0.6wordpress
ORmailpoetmailpoet_newslettersMatch2.0.7wordpress
ORmailpoetmailpoet_newslettersMatch2.0.8wordpress
ORmailpoetmailpoet_newslettersMatch2.0.9wordpress
ORmailpoetmailpoet_newslettersMatch2.0.9.5wordpress
ORmailpoetmailpoet_newslettersMatch2.1wordpress
ORmailpoetmailpoet_newslettersMatch2.1.1wordpress
ORmailpoetmailpoet_newslettersMatch2.1.2wordpress
ORmailpoetmailpoet_newslettersMatch2.1.3wordpress
ORmailpoetmailpoet_newslettersMatch2.1.4wordpress
ORmailpoetmailpoet_newslettersMatch2.1.5wordpress
ORmailpoetmailpoet_newslettersMatch2.1.6wordpress
ORmailpoetmailpoet_newslettersMatch2.1.7wordpress
ORmailpoetmailpoet_newslettersMatch2.1.8wordpress
ORmailpoetmailpoet_newslettersMatch2.1.9wordpress
ORmailpoetmailpoet_newslettersMatch2.2wordpress
ORmailpoetmailpoet_newslettersMatch2.2.1wordpress
ORmailpoetmailpoet_newslettersMatch2.2.2wordpress
ORmailpoetmailpoet_newslettersMatch2.2.3wordpress
ORmailpoetmailpoet_newslettersMatch2.3wordpress
ORmailpoetmailpoet_newslettersMatch2.3.1wordpress
ORmailpoetmailpoet_newslettersMatch2.3.2wordpress
ORmailpoetmailpoet_newslettersMatch2.3.3wordpress
ORmailpoetmailpoet_newslettersMatch2.3.4wordpress
ORmailpoetmailpoet_newslettersMatch2.3.5wordpress
ORmailpoetmailpoet_newslettersMatch2.4wordpress
ORmailpoetmailpoet_newslettersMatch2.4.1wordpress
ORmailpoetmailpoet_newslettersMatch2.4.2wordpress
ORmailpoetmailpoet_newslettersMatch2.4.3wordpress
ORmailpoetmailpoet_newslettersMatch2.4.4wordpress
ORmailpoetmailpoet_newslettersMatch2.5wordpress
ORmailpoetmailpoet_newslettersMatch2.5.1wordpress
ORmailpoetmailpoet_newslettersMatch2.5.2wordpress
ORmailpoetmailpoet_newslettersMatch2.5.3wordpress
ORmailpoetmailpoet_newslettersMatch2.5.4wordpress
ORmailpoetmailpoet_newslettersMatch2.5.5wordpress
ORmailpoetmailpoet_newslettersMatch2.5.7wordpress
ORmailpoetmailpoet_newslettersMatch2.5.8wordpress
ORmailpoetmailpoet_newslettersMatch2.5.9wordpress
ORmailpoetmailpoet_newslettersMatch2.5.9.1wordpress
ORmailpoetmailpoet_newslettersMatch2.5.9.2wordpress
ORmailpoetmailpoet_newslettersMatch2.5.9.3wordpress
ORmailpoetmailpoet_newslettersMatch2.5.9.4wordpress
ORmailpoetmailpoet_newslettersMatch2.6wordpress
ORmailpoetmailpoet_newslettersMatch2.6betawordpress
ORmailpoetmailpoet_newslettersMatch2.6.1wordpress
ORmailpoetmailpoet_newslettersMatch2.6.2wordpress
ORmailpoetmailpoet_newslettersMatch2.6.3wordpress
ORmailpoetmailpoet_newslettersMatch2.6.4wordpress
ORmailpoetmailpoet_newslettersMatch2.6.5wordpress
ORmailpoetmailpoet_newslettersMatch2.6.6wordpress
ORmailpoetmailpoet_newslettersMatch2.6.7wordpress
ORmailpoetmailpoet_newslettersMatch2.6.8wordpress
ORmailpoetmailpoet_newslettersMatch2.6.9wordpress
Related
patchstack
patchstack
WordPress MailPoet Newsletters Plugin <= 2.6.10 - CSRF
2014-05-27 00:00:00
cvelist
cvelist
CVE-2014-3907
2014-08-26 14:00:00
jvn
jvn
JVN#94409737: MailPoet Newsletters vulnerable to cross-site request forgery
2014-08-26 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-08-26 14:55:00
nvd
nvd
CVE-2014-3907
2014-08-26 14:55:05
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
52.6%
Related for CVE-2014-3907