Newsletter Popup <= 1.2 - Record Deletion via CSRF
CVE-2023-0766

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Newsletter Popup
Vendor: CVE Published:; 30 May 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-0766?

The Newsletter Popup WordPress plugin, up to version 1.2, lacks crucial CSRF checks, enabling attackers to exploit the wp_newsletter_show_localrecord page. This oversight allows unauthorized actions by logged-in users, posing a significant security risk. Without proper nonce protection, the plugin's inability to validate requests makes it vulnerable to CSRF attacks, potentially compromising user accounts and data integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Newsletter Popup 0 <= 1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-0766 - Proof of Concept

References

https://wpscan.com/vulnerability/90a1976c-0348-41ea-90b4-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
May 30, 2023
👾
Exploit known to exist
May 30, 2023
Vulnerability published
May 30, 2023
Vulnerability Reserved
Feb 9, 2023

Credit

Lana Codes

WPScan

JSON

Wordpress

Badges

What is CVE-2023-0766?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.