WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Newsletter Manager < 1.0.2 - Cross-Site Request Forgery

Description

The Newsletter Manager WordPress plugin was affected by a CSRF security vulnerability which could be used to change email addresses, as well as conduct XSS attacks

Affects Plugins

newsletter-manager
Fixed in version 1.0.2 - plugin closed

References

CVE
CVE-2012-6629

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Verified

No

WPVDB ID
4746ab4a-cc0a-4755-8353-418e9b0ff8ae

Timeline

Publicly Published

2014-08-01 (about 8 years ago)

Added

2014-08-01 (about 8 years ago)

Last Updated

2020-12-29 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin