Vulnerabilities > CVE-2023-0766 - Unspecified vulnerability in Newsletter Popup Project Newsletter Popup

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

newsletter-popup-project

NVD

Published: 2023-05-30

Updated: 2024-11-21

Summary

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wp_newsletter_show_localrecord page is not protected with a nonce.

Vulnerable Configurations

Part	Description	Count
Application	Newsletter_Popup_Project Newsletter Popup Project Newsletter Popup *	1

References

https://wpscan.com/vulnerability/90a1976c-0348-41ea-90b4-f7a5d9306c88
https://wpscan.com/vulnerability/90a1976c-0348-41ea-90b4-f7a5d9306c88