Lucene search
WPScanVULNRICHMENT:CVE-2024-3059HistoryApr 26, 2024 - 5:00 a.m.
CVE-2024-3059 ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
2024-04-2605:00:04
WPScan
github.com
2
enl newsletter
wordpress
csrf
vulnerability
The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:enl_newsletter_plugin_project:enl-newsletter:1.0.1:*:*:*:*:wordpress:*:*"
],
"vendor": "enl_newsletter_plugin_project",
"product": "enl-newsletter",
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "unknown"
}
]Related
wpexploit
wpexploit
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
2024-04-05 00:00:00
cve
cve
CVE-2024-3059
2024-04-26 05:15:50
cvelist
cvelist
CVE-2024-3059 ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
2024-04-26 05:00:04
wpvulndb
wpvulndb
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
2024-04-05 00:00:00
nvd
nvd
CVE-2024-3059
2024-04-26 05:15:50
wordfence
wordfence
AI Score
7.1
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-3059