4 matches found
WordPress plugin Customize WordPress Emails and Alerts – Better Notifications for WP 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2022-0345
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfwsearchusers AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes finding the first letter, then the second one, then the third one...
WordPress 信息泄露漏洞
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site request forgery vulnerability exists in versions of the WordPress Emails and Alerts plugin prior to 1.8.7. The vulnerability stems from the failure of the custom WordPress Emails and Alerts...
PT-2022-13119 · WordPress · Customize Wordpress Emails/Alerts
Name of the Vulnerable Software and Affected Versions: The Customize WordPress Emails and Alerts WordPress plugin versions prior to 1.8.7 Description: The issue concerns a lack of authorization and CSRF check in the bnfw search users AJAX action. This allows any authenticated users to call the...