3 matches found
CVE-2023-3407
The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to send test emails with custom content to...
CVE-2023-3407
CVE-2023-3407 affects the Subscribe2 WordPress plugin (versions up to 10.40). The issue is CSRF due to missing or incorrect nonce validation when sending test emails, enabling unauthenticated attackers to trigger test emails with custom content by tricking an administrator into performing an acti...
WordPress Subscribe2 Plugin <= 10.40 is vulnerable to Cross Site Request Forgery (CSRF)
Software Subscribe2 Type Plugin Vulnerable versions = 10.40 Fixed in 10.41 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3407 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 26e0461b6319 Credits Marco Wotschka Required...