3 matches found
CVE-2024-3058 ENL Newsletter <= 1.0.1 - Stored XSS via CSRF
The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-3058 ENL Newsletter <= 1.0.1 - Stored XSS via CSRF
The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
WordPress ENL Newsletter Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software ENL Newsletter Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3058 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 26ae2d990adc Credits Bob Matyas Required privile...