The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack
[
{
"cpes": [
"cpe:2.3:a:enl_newsletter_plugin_project:enl-newsletter:1.0.1:*:*:*:*:wordpress:*:*"
],
"vendor": "enl_newsletter_plugin_project",
"product": "enl-newsletter",
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "unknown"
}
]