Lucene search
Bob MatyasWPVDB-ID:E154096D-E9B7-43BA-9A34-81A6C431025CHistoryApr 05, 2024 - 12:00 a.m.
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
2024-04-0500:00:00
Bob Matyas
wpscan.com
6
csrf checks missing
campaign deletion
logged in admins
arbitrary campaigns
poc date
software update
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack
PoC
Make an admin open a URL like (where <> is a valid ID): http://example.com/wp-admin/admin.php?page=enl-campaigns&action;=campaign-delete&id;=<>
Related
wpexploit
wpexploit
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
2024-04-05 00:00:00
cve
cve
CVE-2024-3059
2024-04-26 05:15:50
nvd
nvd
CVE-2024-3059
2024-04-26 05:15:50
cvelist
cvelist
CVE-2024-3059 ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
2024-04-26 05:00:04
wordfence
wordfence
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%
Related for WPVDB-ID:E154096D-E9B7-43BA-9A34-81A6C431025C