Cross-Site Request Forgery in Eelv Newsletter Plugin for WordPress
CVE-2017-18523

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Eelv Newsletter
Vendor: CVE Published:; 20 August 2019

What is CVE-2017-18523?

The Eelv Newsletter plugin for WordPress versions prior to 4.6.1 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in its address book functionality. This flaw allows an attacker to forge requests on behalf of an authenticated user, potentially leading to unauthorized actions being executed without the user’s consent. It emphasizes the importance of securing plugins to prevent exploitation that can compromise user data.

References

https://wordpress.org/plugins/eelv-newsletter/#developers

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2019
Vulnerability Reserved
Aug 15, 2019

Wordpress

What is CVE-2017-18523?

References

CVSS V3.1

Timeline