3 matches found
CVE-2023-7202
CVE-2023-7202 affects the Fatal Error Notify WordPress plugin prior to 1.5.3. The root cause is missing authorization checks and CSRF protections in the test_error AJAX action, enabling any authenticated user (e.g., a Subscriber) to trigger error emails to the site admin. This also enables CSRF e...
CVE-2023-7202 Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending
The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF...
WordPress Fatal Error Notify Plugin < 1.5.3 is vulnerable to Broken Access Control
Software Fatal Error Notify Type Plugin Vulnerable versions 1.5.3 Fixed in 1.5.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-7202 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 55ba4f7fb253 Credits Dmitrii Ignatyev Required...