CVE-2024-31434 — Cross-Site Request Forgery in Lissa THE Newsletter Team Newsletter

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 69.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Stefano Lissa THE Newsletter Team Newsletter

Timeline

PublishedApr 15

Description

Cross-Site Request Forgery (CSRF) vulnerability in Stefano Lissa & The Newsletter Team Newsletter.This issue affects Newsletter: from n/a through 8.0.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶CVEListV5stefano_lissa_the_newsletter_team/newslettern/a — 8.0.6

🔴Vulnerability Details

GHSA

GHSA-fg4q-v7q8-28mx: Cross-Site Request Forgery (CSRF) vulnerability in Stefano Lissa & The Newsletter Team Newsletter↗2024-04-15

▶

CVEList

WordPress Newsletter plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) vulnerability↗2024-04-15

▶