CVE-2024-3590 LetterPress <= 1.2.2 - Subscriber Deletion via CSRF

2024-05-0906:00:02

WPScan

www.cve.org

cve-2024-3590

letterpress

wordpress

csrf

vulnerability

subscribers

deletion

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "LetterPress ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.2.2"
      }
    ],
    "defaultStatus": "affected"
  }
]