WordPress Plugin Vulnerabilities

Newsletter Manager < 1.0.2 - Cross-Site Request Forgery

Description

The Newsletter Manager WordPress plugin was affected by a CSRF security vulnerability which could be used to change email addresses, as well as conduct XSS attacks

Affects Plugins

Plugin icon
newsletter-manager
Fixed in 1.0.2

References

CVE
CVE-2012-6629

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Verified
No
WPVDB ID
4746ab4a-cc0a-4755-8353-418e9b0ff8ae

Timeline

Publicly Published
2014-08-01 (about 9 years ago)
Added
2014-08-01 (about 9 years ago)
Last Updated
2020-12-29 (about 2 years ago)

Other

Published
Title
Published
2022-02-10
Title
Spiffy Calendar < 4.9.1 - Arbitrary Event Deletion via CSRF
Published
2022-09-08
Title
3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad
Published
2023-09-25
Title
BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF
Published
2023-02-28
Title
WoodMart < 7.1.2 - License Update/Deactivation via CSRF
Published
2023-02-27
Title
Maspik – Spam blacklist < 0.7.9 - Cross-Site Request Forgery (CSRF)