CVE-2024-3590 LetterPress <= 1.2.2 - Subscriber Deletion via CSRF

2024-05-0906:00:02

WPScan

www.cve.org

cve-2024-3590

letterpress

wordpress

csrf

vulnerability

subscribers

deletion

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "LetterPress ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.2.2"
      }
    ],
    "defaultStatus": "affected"
  }
]