CVE-2024-3643

Name of the Vulnerable Software and Affected Versions Newsletter Popup WordPress plugin versions prior to 1.2

Description The issue concerns a lack of CSRF check when deleting a list, which could allow attackers to perform actions via a CSRF attack, making logged-in admins delete lists without their consent.

Recommendations For versions prior to 1.2, update to a version that includes a CSRF check for list deletion to prevent such attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.