CVE-2023-0766

Name of the Vulnerable Software and Affected Versions The Newsletter Popup WordPress plugin versions 1.2 and earlier

Description The issue concerns a lack of CSRF checks in certain areas of the plugin, which could allow attackers to perform unwanted actions on behalf of logged-in users through CSRF attacks. Specifically, the wp newsletter show localrecord page is not protected with a nonce, making it vulnerable to such attacks.

Recommendations For versions 1.2 and earlier, consider disabling the wp newsletter show localrecord page or restricting access to it until a patch is available. As a temporary workaround, restrict access to the vulnerable areas of the plugin to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.