WordPress Brevo plugin <= 3.1.87 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Joshua Chan in WordPress Plugin Brevo versions = 3.1.87...

PT-2024-39043 · Brevo · The Newsletter

Name of the Vulnerable Software and Affected Versions: The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo plugin for WordPress versions up to, and including, 3.1.87 Description: The issue is due to missing or incorrect nonce validation on the Init function, making it possible for...