PT-2026-3532 · WordPress · Newsletter – Send Awesome Emails From Wordpress

Boris Bogosavac

Publicado

2026-01-20

Atualizado

2026-01-20

CVE-2026-1051

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions The Newsletter – Send awesome emails from WordPress plugin versions prior to 9.1.1

Description The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by insufficient or incorrect nonce validation within the hook newsletter action() function. An unauthenticated attacker could potentially unsubscribe newsletter subscribers by forging a request, provided they can trick a logged-in user into performing an action, such as clicking a malicious link.

Recommendations Update The Newsletter – Send awesome emails from WordPress plugin to version 9.1.1 or later.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2026-1051

Produtos afetados

Newsletter – Send Awesome Emails From Wordpress

PT-2026-3532 · WordPress · Newsletter – Send Awesome Emails From Wordpress

CVE-2026-1051

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5