WordPress Sendinblue Plugin CSRF Vulnerability (CVSS 4.3)

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability Description: - Plugin Name: WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue Plugin - Version Range: <= 3.1.82 - Vulnerability Type: Cross Site Request Forgery (CSRF) - Impact Scope: CSRF vulnerability exists in versions <= 3.1.82, potentially allowing malicious attackers to perform unauthorized actions under user authentication. 2. Risk Level: - CVSS Score: 4.3 - Risk Description: Low priority, vPatch not required. 3. Solution: - Recommendation: Update to version 3.1.83 or higher. - Description: Updating to version 3.1.83 or higher will remove this vulnerability. Patchstack users can enable automatic updates. 4. Detailed Information: - Software: WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue - Type: Plugin - Affected Versions: <= 3.1.82 - Fixed Version: 3.1.83 5. Timeline: - Reported Date: July 18, 2024 - Early Warning Sent: August 16, 2024 - Published: August 18, 2024 6. Additional Information: - Reporter: Rafie Muhammad (Patchstack) - Need Help?: Yes, assistance is available. - Just Viewing?: No, not just viewing. - Any Issues?: Yes, there are some issues. This information helps users understand the vulnerability details, risk level, solution, and timeline, enabling them to take appropriate security measures.

Goal Reached Thanks to every supporter — we hit 100%!

WordPress Sendinblue Plugin CSRF Vulnerability (CVSS 4.3)