Lucene search
WPScanCVE-2024-3642HistoryMay 16, 2024 - 6:15 a.m.
CVE-2024-3642
2024-05-1606:15:09
WPScan
web.nvd.nist.gov
35
newsletter popup plugin
csrf
vulnerability
wordpress
attack
admin
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack
Affected configurations
Node
newsletter_popup_projectnewsletter_popupRange≤1.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| newsletter_popup_project | newsletter_popup | * | cpe:2.3:a:newsletter_popup_project:newsletter_popup:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Newsletter Popup",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.2"
}
],
"defaultStatus": "affected"
}
]Related
nvd
nvd
CVE-2024-3642
2024-05-16 06:15:09
cvelist
cvelist
CVE-2024-3642 Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF
2024-05-16 06:00:02
vulnrichment
vulnrichment
CVE-2024-3642 Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF
2024-05-16 06:00:02
wpvulndb
wpvulndb
Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF
2024-04-25 00:00:00
wpexploit
wpexploit
Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF
2024-04-25 00:00:00