What is CVE-2014-3907?

CVE-2014-3907 is a vulnerability in Mailpoet Mailpoet_newsletters, classified under Cross-Site Request Forgery (CSRF). Published 2014-08-26.

Is CVE-2014-3907 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

CSRF in Mailpoet Mailpoet_newsletters

CVE-2014-3907

Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (27.7th percentile) — read the EPSS interpretation.

Affected products

Mailpoet Mailpoet_newsletters — versions 0.9, 0.9.1, 0.9.2
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

Public proof-of-concept exploits

20142995/nuclei-templates

References

vultures@jpcert.or.jp (x_refsource_CONFIRM, Patch)
JVNDB-2014-000101 (x_refsource_JVNDB, third-party-advisory)
JVN#94409737 (x_refsource_JVN, third-party-advisory)

Frequently asked questions

What is CVE-2014-3907?: CVE-2014-3907 is a vulnerability in Mailpoet Mailpoet_newsletters, classified under Cross-Site Request Forgery (CSRF). Published 2014-08-26.
Is CVE-2014-3907 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.