4 matches found
WordPress Nifty Newsletters plugin cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Nifty Newsletters plugin 4.0.23 and earlier...
CVE-2021-34634
The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the solanlwphead function found in the /sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23...
Cross site request forgery (csrf)
The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the solanlwphead function found in the /sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23...
CVE-2021-34634
The CVE concerns the WordPress plugin Nifty Newsletters (versions up to 4.0.23). A Cross-Site Request Forgery flaw in the sola_nl_wp_head function (sola-newsletters.php) allows attackers to inject arbitrary scripts, with the vulnerability described as enabling Stored XSS. The umbrella details in ...