Vulnerability: CSRF attack in WordPress Knews Multilingual Newsletters
Number of vulnerabilities: 1
Attack vector: Remote
Impact: Cross-Site Scripting
Affected products: WordPress Knews Multilingual Newsletters Plugin 1.x
Affected versions: Knews WordPress Multilingual Newsletters 1.2.5, possibly earlier versions.
The vulnerability allows a remote attacker to conduct XSS attacks.
The vulnerability is caused by insufficient verification of the authenticity of HTTP requests when certain actions are performed. A remote user can carry out a CSRF attack and change the e-mail address.
Vendor URL: http://wordpress.org/extend/plugins/knews/
Solution: Install the latest version, 1.2.6, from the vendor.
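
The request-authenticity check whose absence the advisory describes, shown as an added example that is not Knews code and not the vendor's 1.2.6 fix: a WordPress admin handler that changes a stored e-mail address only after verifying the user's capability and a nonce. The advisory does not name the affected handler or setting, so every example_* action, nonce, option and page name here is hypothetical.

```php
<?php
/**
 * Added illustration, not Knews code. All example_* names are hypothetical.
 * Intended to be loaded as part of a WordPress plugin.
 */

// Render the settings form with a nonce bound to the current user and action.
function example_render_email_form() {
    $current = get_option( 'example_sender_email', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_email">
        <?php wp_nonce_field( 'example_save_email', 'example_nonce' ); ?>
        <input type="email" name="sender_email" value="<?php echo esc_attr( $current ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Registered on admin_post_ only (logged-in users), never on admin_post_nopriv_.
add_action( 'admin_post_example_save_email', 'example_handle_save_email' );

function example_handle_save_email() {
    // 1. Authorisation: only administrators may change this setting.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }

    // 2. Request authenticity: execution stops with a 403 if the nonce is
    //    missing or invalid, which is what defeats a forged cross-site POST.
    check_admin_referer( 'example_save_email', 'example_nonce' );

    // 3. Input validation before anything is stored.
    $email = isset( $_POST['sender_email'] )
        ? sanitize_email( wp_unslash( $_POST['sender_email'] ) )
        : '';
    if ( ! is_email( $email ) ) {
        wp_die( 'Invalid e-mail address.', 'Bad Request', array( 'response' => 400 ) );
    }

    update_option( 'example_sender_email', $email );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings&updated=1' ) );
    exit;
}
```

A handler that skips step 2 accepts any POST sent by an administrator's browser, including one submitted from another site, which is the condition the advisory reports.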