Unprotected CSRF and XSS Vulnerabilities in ENL Newsletter WordPress Plugin
CVE-2024-3058

Currently unrated

Key Information:

Vendor: Wordpress
Status: Enl-newsletter
Vendor: CVE Published:; 26 April 2024

What is CVE-2024-3058?

The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

References

https://wpscan.com/vulnerability/fc33c79d-ad24-4d55-973a-...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2024

Wordpress

What is CVE-2024-3058?

References

Timeline