Lucene search
K

4 matches found

CNVD
CNVD
added 2021/08/07 12:0 a.m.15 views

WordPress Nifty Newsletters plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Nifty Newsletters plugin 4.0.23 and earlier...

8.8CVSS8.7AI score0.007EPSS
Exploits1References1
NVD
NVD
added 2021/08/05 9:15 p.m.16 views

CVE-2021-34634

The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the solanlwphead function found in the /sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23...

8.8CVSS0.007EPSS
Exploits1References2
Prion
Prion
added 2021/08/05 9:15 p.m.11 views

Cross site request forgery (csrf)

The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the solanlwphead function found in the /sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23...

6.8CVSS8.5AI score0.007EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/08/05 8:13 p.m.64 views

CVE-2021-34634

The CVE concerns the WordPress plugin Nifty Newsletters (versions up to 4.0.23). A Cross-Site Request Forgery flaw in the sola_nl_wp_head function (sola-newsletters.php) allows attackers to inject arbitrary scripts, with the vulnerability described as enabling Stored XSS. The umbrella details in ...

8.8CVSS8.6AI score0.007EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder