3 matches found
CVE-2022-2377 Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending
The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog...
CVE-2022-2377 Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending
The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog...
CVE-2022-2377
The CVE concerns the Directorist WordPress plugin prior to version 7.3.0, which lacks authorization and CSRF checks in an AJAX action. This allows any authenticated user to send arbitrary emails on behalf of the blog, exposing a potential abuse vector for unintended messaging. The vulnerability i...