Despite what the original advisory states, the affected POST parameter is βlabelβ. The CSRF issue was fixed in version 1.1.8, however, the Plugin still did not validate or output encode the βlabelβ parameter.
CPE | Name | Operator | Version |
---|---|---|---|
newsletter-by-supsystic | lt | 1.1.8 |