WordPress Plugin Vulnerabilities

ALO EasyMail Newsletter < 2.7.0 - Cross-Site Request Forgery (CSRF)

Description

The ALO EasyMail Newsletter WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
alo-easymail
Fixed in 2.7.0

References

Exploitdb
39451
URL
https://packetstormsecurity.com/files/#135780/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
be35df65-5b10-4c5e-9b1e-4e6f9c263cf3

Timeline

Publicly Published
2016-02-16 (about 10 years ago)
Added
2016-02-16 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2025-03-11
Title
Domain Theme <= 1.3 - Cross-Site Request Forgery
Published
2025-06-13
Title
AI Image Lab – Free AI Image Generator <= 1.0.6 - Cross-Site Request Forgery to API Key Update
Published
2025-03-04
Title
I Am Gloria <= 1.1.4 - Cross-Site Request Forgery
Published
2024-04-24
Title
WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF
Published
2025-09-05
Title
Error Monitoring by Bugsnag < 1.6.4 - Cross-Site Request Forgery