WordPress Plugin Vulnerabilities

ALO EasyMail Newsletter <= 2.9.2 - Cross-Site Request Forgery (CSRF)

Description

The ALO EasyMail Newsletter WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
alo-easymail
Fixed in 2.9.3

References

URL
https://seclists.org/bugtraq/2016/Aug/14
URL
https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_alo_easymail_newsletter_wordpress_plugin.html

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
0f0999b0-4ef3-4d78-a4e4-791239e1ec2a

Timeline

Publicly Published
2016-08-01 (about 9 years ago)
Added
2016-08-02 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-06-27
Title
WordPress CTA < 1.7.1 - Cross-Site Request Forgery
Published
2024-06-05
Title
Offload Videos – Bunny.net, AWS S3 <= 1.0.1 Subscriber+ CSRF
Published
2024-12-12
Title
Metrika <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2022-01-19
Title
AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF
Published
2025-01-16
Title
Password Protect Plugin for WordPress <= 0.8.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting