Cross-Site Request Forgery in Eelv Newsletter Plugin for WordPress
CVE-2017-18523
8.8 HIGH
What is CVE-2017-18523?
Versions of the Eelv Newsletter plugin for WordPress prior to 4.6.1 are affected by a Cross-Site Request Forgery (CSRF) vulnerability in the plugin's address book functionality. This flaw allows an attacker to forge requests on behalf of an authenticated user, potentially leading to unauthorized actions being executed without the user's consent. The flaw underscores the importance of securing plugins against exploitation that can compromise user data.