9 matches found
WordPress LetterPress plugin <= 1.2.2 - Subscriber Deletion via CSRF vulnerability
Subscriber Deletion via CSRF vulnerability discovered by SANU P.L in WordPress Plugin LetterPress versions <= 1.2.2...
WordPress LetterPress Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: LetterPress; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3590; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 6967a7d78047; Credits: SANU P.L; Required privileg...
CVE-2024-3590
The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers...
WordPress plugin LetterPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-26774 · WordPress · The Letterpress
Name of the Vulnerable Software and Affected Versions: The LetterPress WordPress plugin versions 1.2.2 and earlier Description: The issue is related to the lack of CSRF checks in some areas, allowing attackers to perform unwanted actions on logged-in users via CSRF attacks, such as deleting...
WordPress plugin LetterPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin LetterPres...
WordPress LetterPress Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: LetterPress; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34568; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 60779a6f071c; Credits: P.L.SANU; Required privilege: Administrator...
CVE-2023-27415 WordPress LetterPress Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions...
WordPress LetterPress Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: LetterPress; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-27415; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 71ef1d80815f; Credits: Pavak Tiwari; Required privile...