CVE-2023-0766

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published May 30, 2023
Updated: Jan 10, 2025

Summary

CVE-2023-0766 is a vulnerability affecting the Newsletter Popup plugin for WordPress. The issue lies in the plugin's lack of Cross-Site Request Forgery (CSRF) checks in certain areas. This weakness enables attackers to manipulate logged-in users into performing unintended actions, such as making changes to their account settings or other functionalities. Specifically, the wp_newsletter_show_localrecord page is unprotected by a nonce, leaving it susceptible to CSRF attacks. Users are advised to update their Newsletter Popup plugin to a version that addresses this issue to mitigate the risk.
