3 matches found
CVE-2023-5054
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation/relay due to insufficient restrictions on the sendMail.php file, affecting versions up to 6.9.3. This allows unauthenticated attackers to send emails via the vulnerable site’s server with arbitra...
CVE-2023-5054 Super Store Finder <= 6.9.3 - Unauthenticated Email Creation/Sending
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attacker...
WordPress Super Store Finder Plugin <= 6.9.3 is vulnerable to Broken Access Control
Software Super Store Finder Type Plugin Vulnerable versions = 6.9.3 Fixed in 6.9.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-5054 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 31fa9f5f6872 Credits Etharus Required...