CVE-2023-7202

2024-02-2709:15:37

[email protected]

web.nvd.nist.gov

2755

cve-2023-7202

fatal error notify wordpress plugin

authorization check

csrf vulnerability

admin email spam

9.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF

Affected configurations

Vulners

Node

savignanos-notifyRange<1.5.3

VendorProductVersionCPE
savignanos\-notify*cpe:2.3:a:savignano:s\-notify:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
savignano	s\-notify	*	cpe:2.3:a:savignano:s\-notify::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Fatal Error Notify",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.5.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]