CVE-2024-3059

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
5.7MEDIUM
EPSS
0.2%
top 64.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown ENL NewsletterENL Newsletter Plugin Project Enl-newsletter
Timeline
PublishedApr 26

Description

The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

CVEListV5unknown/enl_newsletter1.0.1

🔴Vulnerability Details

2
GHSA
GHSA-6qhv-x9gf-6f6p: The ENL Newsletter WordPress plugin through 12024-04-26
CVEList
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF2024-04-26
CVE-2024-3059 (MEDIUM CVSS 5.7) | The ENL Newsletter WordPress plugin | cvebase.io