The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated user, such as a subscriber, to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF.
[
{
"vendor": "Unknown",
"product": "Fatal Error Notify",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.5.3",
"versionType": "semver"
}
],
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected"
}
]