CVE-2026-1051
CSRF Vulnerability in Newsletter WordPress Plugin Allows Unsubscribe Abuse
Publication date: 2026-01-20
Last updated on: 2026-01-20
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| newsletter | newsletter | to 9.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Newsletter WordPress plugin (up to version 9.1.0). It occurs because the plugin's hook_newsletter_action() function lacks proper nonce validation, allowing unauthenticated attackers to trick logged-in users into unsubscribing newsletter subscribers by making them perform unintended actions, such as clicking a malicious link.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can cause logged-in users to unknowingly unsubscribe newsletter subscribers without their consent. This can lead to loss of subscribers, disruption of communication with your audience, and potential damage to your newsletter's reputation and effectiveness.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Cross-Site Request Forgery (CSRF) on the Newsletter WordPress plugin's unsubscription functionality. Detection can focus on monitoring for unusual or unauthorized unsubscribe requests, especially POST requests to the newsletter action URL with actions like 'uc' (unsubscribe confirm) or 'u' (unsubscribe). You can inspect web server logs for such requests originating from unexpected sources or without proper nonce validation. For example, using command-line tools to search logs for unsubscribe actions: 1. grep 'action=uc' /path/to/access.log 2. grep 'action=u' /path/to/access.log Additionally, monitoring for suspicious HTTP_REFERER headers or unexpected user agents in these requests may help detect exploitation attempts. However, no specific detection commands are provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Newsletter plugin to a version later than 9.1.0 where the nonce validation issue is fixed. If an update is not immediately possible, consider disabling the unsubscription functionality or restricting access to it to trusted users only. Additionally, implementing Web Application Firewall (WAF) rules to block suspicious unsubscribe requests or requests lacking proper nonce tokens can help mitigate exploitation. Monitoring and blocking known bots and automated requests, as the plugin attempts, can also reduce risk. Finally, educating users to avoid clicking suspicious links can help prevent CSRF attacks. [2]