5 matches found
CVE-2023-5098
The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS...
CVE-2023-5098
The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS...
CVE-2023-5098
CVE-2023-5098: Campaign Monitor Forms by Optin Cat for WordPress (pre-2.5.6) allows a Subscriber+ level attacker to overwrite arbitrary WordPress options by calling an AJAX action (fca_eoi_dismiss) with the value true, enabling a denial-of-service style attack. Root cause is broken access control...
CVE-2023-5098 Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update
The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS...
WordPress Campaign Monitor Forms Plugin < 2.5.6 is vulnerable to Broken Access Control
Software Campaign Monitor Forms Type Plugin Vulnerable versions 2.5.6 Fixed in 2.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-5098 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 224fc6fd923e Credits Francesco Marano...