Cross-Site Request Forgery Vulnerabilities in Newsletter Manager Plugin for WordPress
CVE-2012-6629
Currently unrated
What is CVE-2012-6629?
The Newsletter Manager plugin for WordPress, versions 1.0.2 and earlier, contains multiple cross-site request forgery (CSRF) vulnerabilities that expose administrators to remote attacks. Attackers can exploit these flaws against unsuspecting administrators to hijack user sessions and execute unauthorized actions, such as altering email addresses or inserting malicious scripts. The lack of verification on state-changing requests contributes to this risk, which calls for immediate attention and safeguards for users relying on this plugin.
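The kind of verification a state-changing admin request needs in a WordPress plugin, shown as an added example that is not the Newsletter Manager plugin's own code. Every name prefixed `nm_example_`, the option key and the settings page slug are assumptions made for illustration.

```php
<?php
// Added example: hypothetical plugin code, not taken from Newsletter Manager.
// All "nm_example_" names and the "nm-example" page slug are assumptions.

// Render the settings form. wp_nonce_field() emits a hidden token tied to the
// logged-in user and to this action name, which a forged cross-site request
// cannot supply.
function nm_example_render_form() {
    $email = get_option( 'nm_example_from_email', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="nm_example_save">
        <?php wp_nonce_field( 'nm_example_save', 'nm_example_nonce' ); ?>
        <!-- esc_attr() keeps a stored value from breaking out of the attribute -->
        <input type="email" name="from_email" value="<?php echo esc_attr( $email ); ?>">
        <input type="submit" value="Save">
    </form>
    <?php
}

// Handle the state-changing request.
function nm_example_save() {
    // 1. Authorization: only administrators may change plugin settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF check: stops the request if the nonce is missing or invalid.
    //    A handler that skips this step accepts any request the admin's
    //    browser sends with its session cookie, whatever page triggered it.
    check_admin_referer( 'nm_example_save', 'nm_example_nonce' );

    // 3. Validate the input before storing it.
    $email = isset( $_POST['from_email'] )
        ? sanitize_email( wp_unslash( $_POST['from_email'] ) )
        : '';
    if ( ! is_email( $email ) ) {
        wp_die( 'Invalid email address.', '', array( 'response' => 400 ) );
    }

    update_option( 'nm_example_from_email', $email );
    wp_safe_redirect( admin_url( 'options-general.php?page=nm-example' ) );
    exit;
}
add_action( 'admin_post_nm_example_save', 'nm_example_save' );
```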