Lucene search
WPScanVULNRICHMENT:CVE-2024-3590HistoryMay 09, 2024 - 6:00 a.m.
CVE-2024-3590 LetterPress <= 1.2.2 - Subscriber Deletion via CSRF
2024-05-0906:00:02
WPScan
github.com
cve-2024-3590
letterpress
wordpress
csrf
vulnerability
deletion
subscribers
The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:themeqx:letterpress:-:*:*:*:*:wordpress:*:*"
],
"vendor": "themeqx",
"product": "letterpress",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "1.2.2"
}
],
"defaultStatus": "unknown"
}
]Related
nvd
nvd
CVE-2024-3590
2024-05-14 15:41:54
wpexploit
wpexploit
LetterPress <= 1.2.2 - Subscriber Deletion via CSRF
2024-04-18 00:00:00
wpvulndb
wpvulndb
LetterPress <= 1.2.2 - Subscriber Deletion via CSRF
2024-04-18 00:00:00
cve
cve
CVE-2024-3590
2024-05-14 15:41:54
cvelist
cvelist
CVE-2024-3590 LetterPress <= 1.2.2 - Subscriber Deletion via CSRF
2024-05-09 06:00:02
wordfence
wordfence
AI Score
6.9
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-3590