CVE-2024-3643

8.8 HIGH

📋 TL;DR

This vulnerability in the Newsletter Popup WordPress plugin allows attackers to trick logged-in administrators into deleting newsletter lists via Cross-Site Request Forgery (CSRF) attacks. Attackers can craft malicious requests that appear legitimate, causing administrators to unknowingly perform destructive actions. Only WordPress sites using vulnerable versions of the Newsletter Popup plugin are affected.

💻 Affected Systems

Products:
  • Newsletter Popup WordPress Plugin
Versions: through 1.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a WordPress installation with the Newsletter Popup plugin enabled; the victim must be an administrator who is logged in while visiting the attacker-controlled page.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could delete all newsletter subscriber lists, causing permanent data loss and disrupting email marketing operations.

🟠 Likely Case

Targeted deletion of specific subscriber lists, potentially affecting customer communication and marketing campaigns.

🟢 If Mitigated

No impact if proper CSRF protections are implemented or if administrators don't visit malicious sites while logged in.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick administrators into visiting malicious pages while logged into WordPress admin.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.3 or later

Vendor Advisory: https://wpscan.com/vulnerability/698277e6-56f9-4688-9a84-c2fa3ea9f7dc/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Newsletter Popup plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and remove the plugin, then install the latest version from the WordPress repository.

🔧 Temporary Workarounds

Disable Newsletter Popup Plugin

all

Temporarily disable the vulnerable plugin until patched

wp plugin deactivate newsletter-popup

Implement CSRF Protection Manually

all

Add nonce verification to delete list functionality

Edit plugin PHP files to add wp_verify_nonce() checks before delete actions
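The workaround above asks for a wp_verify_nonce() check in front of the plugin's delete handler. What follows is an added example written for this page, not code from the Newsletter Popup plugin or its vendor: a CSRF-prone admin-ajax delete handler shown beside a hardened version and the admin-page form that mints the nonce it expects. The action name delete_list comes from the Detection section of this page; the function names (nlp_delete_list_unsafe, nlp_delete_list_safe, nlp_render_delete_button), the option key nlp_lists and the nonce action string nlp_delete_list are assumptions of this example. add_action, wp_verify_nonce, current_user_can, wp_create_nonce, wp_send_json_success/error, absint, wp_unslash, sanitize_text_field, esc_url, esc_attr and admin_url are standard WordPress functions.

```php
<?php
// Added example for CVE-2024-3643 (not the plugin's own code).
// Both handlers answer admin-ajax.php?action=delete_list for logged-in users.
// Assumed names: nlp_delete_list_unsafe, nlp_delete_list_safe,
// nlp_render_delete_button, option key 'nlp_lists', nonce action 'nlp_delete_list'.

// --- Vulnerable pattern: trusts the admin's session cookie alone ---
// A form on any third-party page can submit this request; the browser attaches
// the WordPress auth cookies, and nothing proves the administrator intended it.
function nlp_delete_list_unsafe() {
    $list_id = isset( $_POST['list_id'] ) ? absint( $_POST['list_id'] ) : 0;
    $lists   = get_option( 'nlp_lists', array() );
    unset( $lists[ $list_id ] );
    update_option( 'nlp_lists', $lists );
    wp_send_json_success( array( 'deleted' => $list_id ) );
}
// add_action( 'wp_ajax_delete_list', 'nlp_delete_list_unsafe' ); // the CSRF-prone wiring

// --- Hardened pattern: capability check plus a nonce bound to this action ---
function nlp_delete_list_safe() {
    // 1. Authorization: nonces are not permissions, so check the capability first.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 ); // ends execution
    }

    // 2. Intent: the request must carry a nonce minted for this action and this user.
    //    A cross-site form cannot obtain a valid nonce, so a forged request stops here.
    $nonce = isset( $_POST['_wpnonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'nlp_delete_list' ) ) {
        wp_send_json_error( array( 'message' => 'invalid or missing nonce' ), 403 );
    }

    // 3. Only now touch the data, and refuse ids that do not exist.
    $list_id = isset( $_POST['list_id'] ) ? absint( $_POST['list_id'] ) : 0;
    $lists   = get_option( 'nlp_lists', array() );
    if ( ! isset( $lists[ $list_id ] ) ) {
        wp_send_json_error( array( 'message' => 'no such list' ), 404 );
    }
    unset( $lists[ $list_id ] );
    update_option( 'nlp_lists', $lists );
    wp_send_json_success( array( 'deleted' => $list_id ) );
}
add_action( 'wp_ajax_delete_list', 'nlp_delete_list_safe' );

// --- The plugin's own settings screen mints the nonce the handler expects ---
// The nonce is tied to the logged-in user and expires, so it cannot simply be
// copied into an attacker's page ahead of time.
function nlp_render_delete_button( $list_id ) {
    $nonce = wp_create_nonce( 'nlp_delete_list' );
    printf(
        '<form method="post" action="%s">'
        . '<input type="hidden" name="action" value="delete_list">'
        . '<input type="hidden" name="list_id" value="%d">'
        . '<input type="hidden" name="_wpnonce" value="%s">'
        . '<button type="submit">Delete list</button></form>',
        esc_url( admin_url( 'admin-ajax.php' ) ),
        absint( $list_id ),
        esc_attr( $nonce )
    );
}
```

Two points of the design matter in practice. The capability check and the nonce check are independent: wp_verify_nonce() proves the request originated from a page WordPress rendered for this user within the nonce's lifetime (by default 12 to 24 hours), while current_user_can() proves the user may perform the action at all, and dropping either one reopens a hole. Both wp_send_json_error() and wp_send_json_success() terminate the request, so the unset/update lines are only reached when every check has passed.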

🧯 If You Can't Patch

  • Restrict administrator access to trusted networks only
  • Implement web application firewall rules to block CSRF attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Newsletter Popup version. If version is 1.2 or earlier, you are vulnerable.

Check Version:

wp plugin get newsletter-popup --field=version

Verify Fix Applied:

After updating, verify plugin version is 1.3 or later in WordPress admin plugins page.

📡 Detection & Monitoring

Log Indicators:

  • Multiple list-deletion requests to newsletter list endpoints from the same IP
  • Unusual deletion patterns in newsletter subscriber logs

Network Indicators:

  • HTTP POST requests to wp-admin/admin-ajax.php with delete_list action without proper referrer headers

SIEM Query:

source="wordpress.log" action="delete_list" AND NOT referrer CONTAINS "yourdomain.com"
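The SIEM query above encodes two of the indicators listed in this section: a delete_list action arriving without a same-origin referrer, and repeated deletions from one client. The script below is an added example for this page, not code from the plugin, the vendor or any SIEM product; it applies both checks to a log. The input is a constructed JSON-lines application log in which the site records each admin-ajax call with its action and Referer header; the field names (ts, ip, user, action, referer), the function names nlp_referer_is_foreign and nlp_scan_log, and the burst threshold are assumptions of this example, and the sample lines are constructed. yourdomain.com is the placeholder host from the query above.

```php
<?php
// Added detection example for CVE-2024-3643; not part of the page or of any product.
// Input: a constructed JSON-lines log of admin-ajax calls. Field names are assumed.

const SITE_HOST       = 'yourdomain.com'; // the site's own host, as in the SIEM query above
const DELETE_ACTION   = 'delete_list';    // action name from the Network Indicators above
const BURST_THRESHOLD = 3;                // deletions from one IP before it is reported

// Constructed sample log: one same-origin deletion from the admin's own screen,
// then a burst from a second client with a foreign and then a missing Referer,
// and finally an unrelated action that must be ignored.
$sample_log = <<<'LOG'
{"ts":"2024-04-20T10:01:02Z","ip":"192.0.2.10","user":"admin","action":"delete_list","referer":"https://yourdomain.com/wp-admin/admin.php?page=newsletter-popup"}
{"ts":"2024-04-20T10:05:11Z","ip":"203.0.113.5","user":"admin","action":"delete_list","referer":"https://evil.example/win-a-prize"}
{"ts":"2024-04-20T10:05:12Z","ip":"203.0.113.5","user":"admin","action":"delete_list","referer":""}
{"ts":"2024-04-20T10:05:13Z","ip":"203.0.113.5","user":"admin","action":"delete_list","referer":"https://yourdomain.com.evil.example/"}
{"ts":"2024-04-20T10:06:00Z","ip":"203.0.113.5","user":"admin","action":"heartbeat","referer":"https://yourdomain.com/wp-admin/"}
LOG;

/**
 * True when the Referer is absent or its host is not exactly the site's host.
 * A missing Referer is treated as suspicious here because legitimate submissions
 * from the plugin's admin screen carry one; see the note after the block.
 */
function nlp_referer_is_foreign( string $referer, string $site_host ): bool {
    if ( $referer === '' ) {
        return true;
    }
    $host = parse_url( $referer, PHP_URL_HOST );
    if ( ! is_string( $host ) ) {
        return true; // unparsable Referer
    }
    // Exact, case-insensitive host comparison: a substring test would let
    // "yourdomain.com.evil.example" through, which is why the query's CONTAINS is weak.
    return strcasecmp( $host, $site_host ) !== 0;
}

/**
 * Scan JSON-lines log text and return two findings lists:
 *   'foreign_referer' => delete_list records whose Referer is not the site
 *   'burst_ips'       => IPs issuing at least BURST_THRESHOLD delete_list calls
 */
function nlp_scan_log( string $log_text ): array {
    $foreign = array();
    $per_ip  = array();
    foreach ( preg_split( '/\R/', trim( $log_text ) ) as $line ) {
        $rec = json_decode( $line, true );
        if ( ! is_array( $rec ) || ( $rec['action'] ?? '' ) !== DELETE_ACTION ) {
            continue; // malformed line, or not a deletion
        }
        $ip            = (string) ( $rec['ip'] ?? 'unknown' );
        $per_ip[ $ip ] = ( $per_ip[ $ip ] ?? 0 ) + 1;
        if ( nlp_referer_is_foreign( (string) ( $rec['referer'] ?? '' ), SITE_HOST ) ) {
            $foreign[] = $rec;
        }
    }
    $burst = array_keys( array_filter( $per_ip, fn( $n ) => $n >= BURST_THRESHOLD ) );
    return array( 'foreign_referer' => $foreign, 'burst_ips' => $burst );
}

$findings = nlp_scan_log( $sample_log );
foreach ( $findings['foreign_referer'] as $rec ) {
    printf( "%s foreign-referer delete_list from %s (user %s, referer '%s')\n",
        $rec['ts'], $rec['ip'], $rec['user'], $rec['referer'] );
}
foreach ( $findings['burst_ips'] as $ip ) {
    printf( "burst: %s issued %d or more delete_list calls\n", $ip, BURST_THRESHOLD );
}
```

On the constructed input this reports the three deletions from 203.0.113.5 as foreign-referer events and that same address as a burst, while the same-origin deletion from 192.0.2.10 and the heartbeat call are ignored. Treat a foreign or missing Referer as a triage signal rather than proof: browsers and privacy extensions can strip the header on legitimate requests, and the exact-host comparison is what keeps a lookalike domain containing "yourdomain.com" from passing the check.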

🔗 References