Unprotected List Deletion Vulnerability in Newsletter Popup WordPress Plugin
CVE-2024-3643
Key Information:
- Vendor
- Wordpress
- Status
- Vendor
- CVE Published:
- 16 May 2024
Badges
Summary
The Newsletter Popup plugin for WordPress, up to version 1.2, is susceptible to a cross-site request forgery (CSRF) vulnerability. This security gap allows attackers to initiate unauthorized actions on behalf of logged-in administrators. Without adequate CSRF checks in place when performing deletions, an attacker can entice an admin into executing malicious actions unknowingly. As a result, this vulnerability presents significant security risks, emphasizing the need for prompt updates and protective measures for site administrators.
Affected Version(s)
Newsletter Popup 0 <= 1.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved