Lucene search
WPScanCVE-2024-3059HistoryApr 26, 2024 - 5:15 a.m.
CVE-2024-3059
2024-04-2605:15:50
WPScan
web.nvd.nist.gov
34
cve-2024-3059
enl newsletter
wordpress
csrf
vulnerability
nvd
admin
campaigns
attack
CVSS3
5.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
AI Score
9.2
Confidence
High
EPSS
0
Percentile
9.0%
The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack
Affected configurations
Node
enl_newsletter_plugin_projectenl-newsletterRange≤1.0.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| enl_newsletter_plugin_project | enl-newsletter | * | cpe:2.3:a:enl_newsletter_plugin_project:enl-newsletter:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "ENL Newsletter",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.0.1"
}
],
"defaultStatus": "affected"
}
]Related
wpexploit
wpexploit
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
2024-04-05 00:00:00
vulnrichment
vulnrichment
CVE-2024-3059 ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
2024-04-26 05:00:04
cvelist
cvelist
CVE-2024-3059 ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
2024-04-26 05:00:04
wpvulndb
wpvulndb
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
2024-04-05 00:00:00
nvd
nvd
CVE-2024-3059
2024-04-26 05:15:50
wordfence
wordfence
CVSS3
5.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
AI Score
9.2
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2024-3059