CVE-2014-3907

MailPoet Newsletters <2.6.11 - CSRF

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000101
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN94409737/index.html

Scores

EPSS 0.0107
EPSS Percentile 60.9%

Details

CWE
CWE-352
Status published
Products (50)
mailpoet/mailpoet_newsletters 0.9
mailpoet/mailpoet_newsletters 0.9.1
mailpoet/mailpoet_newsletters 0.9.2
mailpoet/mailpoet_newsletters 0.9.6
mailpoet/mailpoet_newsletters 1.0
mailpoet/mailpoet_newsletters 1.0.1
mailpoet/mailpoet_newsletters 1.1
mailpoet/mailpoet_newsletters 1.1.1
mailpoet/mailpoet_newsletters 1.1.2
mailpoet/mailpoet_newsletters 1.1.3
... and 40 more
Published Aug 26, 2014
Tracked Since Feb 18, 2026