WordPress Plugin Vulnerabilities

Newsletter Popup <= 1.2 - Record Deletion via CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wp_newsletter_show_localrecord page is not protected with a nonce.

Proof of Concept

https://localhost/wp-admin/admin.php?page=wp_newsletter_show_localrecord&action=delete&rid=1

Affects Plugins

Plugin icon
newsletter-popup
No known fix

References

CVE
CVE-2023-0766

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
90a1976c-0348-41ea-90b4-f7a5d9306c88

Timeline

Publicly Published
2023-05-02 (about 1 years ago)
Added
2023-05-02 (about 1 years ago)
Last Updated
2023-05-02 (about 1 years ago)

Other

Published
Title
Published
2023-11-14
Title
Big File Uploads < 2.1.2 - Cross-Site Request Forgery via actions
Published
2024-05-06
Title
Business Card <= 1.0.0 - Category Edit via CSRF
Published
2024-04-12
Title
Legal Pages < 1.4.3 - Cross-Site Request Forgery
Published
2023-05-19
Title
Groundhogg < 2.7.10 - Privilege Escalation via CSRF
Published
2019-05-26
Title
Affiliates Manager < 2.6.6 - CRSF Issues