Lucene search

[email protected]CVE-2020-5767

HistoryJul 17, 2020 - 10:15 p.m.

CVE-2020-5767

2020-07-1722:15:11

CWE-352

[email protected]

web.nvd.nist.gov

cve

2020

5767

cross-site request forgery

csrf

icegram

email subscribers

newsletters

plugin

wordpress

remote attacker

forged emails

legitimate users

crafted link

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.1%

JSON

Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link.

Affected configurations

NVD

Node

icegramemail_subscribers_\&_newslettersMatch4.4.8wordpress

CPENameOperatorVersion
icegram:email_subscribers_\&_newslettersicegram email subscribers & newsletterseq4.4.8

CPE	Name	Operator	Version
icegram:email_subscribers_\&_newsletters	icegram email subscribers & newsletters	eq	4.4.8

CNA Affected

[
  {
    "product": "Icegram Email Subscribers & Newsletters Plugin for WordPress",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "4.4.8"
      }
    ]
  }
]