Vulnerabilities and security researches forletterpress

CVE, Research URL: CVE-2024-3590
Home page URL: Security reports for LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing
Application: LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing
Date: May 14, 2024
Research Description: The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-27415
Home page URL: Security reports for LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing
Application: LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing
Date: Aug 08, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-34568
Home page URL: Security reports for LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing
Application: LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing
Date: May 08, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeqx LetterPress allows Stored XSS.This issue affects LetterPress: from n/a through 1.2.1.
Affected versions: Min -, max -.
Status: vulnerable

Vulnerabilities and security researches forletterpress letterpress