Description
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
References (3)
Core 3
Core References
Patch x_refsource_confirm
http://wordpress.org/plugins/wysija-newsletters/changelog/
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000101
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN94409737/index.html
Scores
EPSS
0.0107
EPSS Percentile
60.9%
Details
CWE
CWE-352
Status
published
Products (50)
mailpoet/mailpoet_newsletters
0.9
mailpoet/mailpoet_newsletters
0.9.1
mailpoet/mailpoet_newsletters
0.9.2
mailpoet/mailpoet_newsletters
0.9.6
mailpoet/mailpoet_newsletters
1.0
mailpoet/mailpoet_newsletters
1.0.1
mailpoet/mailpoet_newsletters
1.1
mailpoet/mailpoet_newsletters
1.1.1
mailpoet/mailpoet_newsletters
1.1.2
mailpoet/mailpoet_newsletters
1.1.3
... and 40 more
Published
Aug 26, 2014
Tracked Since
Feb 18, 2026