2 matches found
WordPress Ultimate Auction plugin <= 4.2.7 - Missing Authorization to Unauthenticated Email Creation vulnerability
Missing Authorization to Unauthenticated Email Creation vulnerability discovered by Lucio Sá in WordPress Plugin Ultimate Auction versions = 4.2.7...
CVE-2023-5054
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attacker...