2 matches found
CVE-2023-5314
WP EXtra plugin for WordPress (any version ≤ 6.2) is affected by a missing capability check in the test-email portion of the register() function, allowing authenticated users with minimal privileges (e.g., subscriber) to send emails with arbitrary content via the site’s mail server. CVSS v3.1 bas...
WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control
Software WP EXtra Type Plugin Vulnerable versions = 6.2 Fixed in 6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5314 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 55747fccb396 Credits TP Cyber Security Required privilege...