directmailteam/direct-mail is vulnerable to information disclosure. The extension fails to check if an authenticated backend user has access to pages with newsletter subscriber data when using the “Special query” feature.
CPE | Name | Operator | Version |
---|---|---|---|
directmailteam/direct-mail | le | 5.2.3 | |
directmailteam/direct-mail | le | 5.2.3 |