ThreatPress

WordPress Vulnerabilities Database

Back

WordPress ALO EasyMail NewsLetter Plugin 2.9.2 - CSRF

Product
ALO EasyMail Newsletter
Description
ALO EasyMail NewsLetter Plugin prior to 2.9.3 is prone to a cross-site request forgery (CSRF). It allows remote attackers to add/import arbitrary subscribers.
Solution
Update ALO EasyMail NewsLetter plugin to 2.9.3 version.
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
SumOfPwn
Exploit DB
CVE
Name CVE-N/A
Versions
Affected In <= 2.9.2
Fixed In 2.9.3
Disclosure date
2016-07-24
Credits
Yorick Koster