4 matches found
CVE-2023-1844
The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachmen...
CVE-2023-1844
creationtimestamp| type| source ---|---|--- 2023-06-28 07:12:33+00:00| seen| https://t.me/cibsecurity/65595...
CVE-2023-1844
The CVE-2023-1844 entry concerns the WordPress plugin Subscribe2. The vulnerability arises from a missing capability check when sending test emails, enabling author-level attackers to send emails with arbitrary content/attachments to site users in versions up to and including 10.40. The impact is...
WordPress Subscribe2 Plugin <= 10.40 is vulnerable to Broken Access Control
Software Subscribe2 Type Plugin Vulnerable versions = 10.40 Fixed in 10.41 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1844 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3c2b898b697a Credits Marco Wotschka Required privilege...