CVE-2023-41730
MEDIUMSendPress Newsletters <= 1.22.3.31 - Cross-Site Request Forgery
Title source: llmDescription
Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory vdb-entry
https://patchstack.com/database/vulnerability/sendpress/wordpress-sendpress-newsletters-plugin-1-22-3-31-cross-site-request-forgery-csrf?_s_id=cve
Scores
CVSS v3
4.3
EPSS
0.0021
EPSS Percentile
11.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (3)
brewlabs/SendPress Newsletters
< 1.26.1.20
pressified/sendpress
< 1.22.3.31
SendPress/SendPress Newsletters
< 1.22.3.31
Published
Oct 10, 2023
Tracked Since
Feb 18, 2026