Cross-Site Request Forgery Vulnerability in MailPoet Newsletters Plugin for WordPress
CVE-2014-3907

Currently unrated

Key Information:

Vendor: Wordpress
Status: Mailpoet Newsletters
Vendor: CVE Published:; 26 August 2014

Summary

The MailPoet Newsletters plugin for WordPress is susceptible to a cross-site request forgery (CSRF) attack. This vulnerability allows remote attackers to execute actions on behalf of authenticated users, potentially compromising sensitive account information. Users must upgrade to version 2.6.11 or above to mitigate this risk. Proper validation of requests is essential to safeguard against unauthorized actions.

References

http://wordpress.org/plugins/wysija-newsletters/changelog/

x_refsource_CONFIRM

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000101

third-party-advisoryx_refsource_JVNDB

http://jvn.jp/en/jp/JVN94409737/index.html

third-party-advisoryx_refsource_JVN

Timeline

Vulnerability published
Aug 26, 2014
Vulnerability Reserved
May 27, 2014