wpexploit - Dmitrii Ignatyev - WPEX-ID:5EF34057-AC9B-425A-8EAF-8581B88E2080
History: Jan 30, 2024 - 12:00 a.m.

Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending

2024-01-30 00:00:00
Dmitrii Ignatyev
security
csrf
exploit
subscriber
test error
email sending
admin-ajax
wordpress

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

9.0%

Description

The plugin does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated user, such as a subscriber, to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF.

As a subscriber, open https://example.com/wp-admin/admin-ajax.php?action=test_error

The attack can also be performed via CSRF by making a logged-in user open the link above.
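For comparison, the shape of the missing checks and the fix, as an added illustration that is not the plugin's own code: the function names and the script handle are hypothetical; only the hook name follows from the `test_error` action (WordPress registers AJAX actions under `wp_ajax_{action}`).

```php
<?php
// Added illustration, not the Fatal Error Notify plugin's code. Function
// names (fen_*) and the 'fen-admin' script handle are hypothetical.

// Vulnerable shape (not hooked here): nothing verifies who is calling or
// whether the request was intentional, so any logged-in user, including a
// subscriber, or a CSRF'd admin can trigger the e-mail on every request.
function fen_test_error_vulnerable() {
    wp_mail( get_option( 'admin_email' ), 'Test error', 'Fatal Error Notify test.' );
    wp_die();
}

// Hardened handler: a CSRF check and an authorisation check before any
// side effect.
function fen_test_error_hardened() {
    // CSRF: the request must carry a nonce minted for this action; on a
    // missing or stale nonce check_ajax_referer() stops with HTTP 403.
    check_ajax_referer( 'fen_test_error', 'nonce' );

    // Authorisation: only users allowed to manage the site may send the
    // test e-mail; subscribers do not have this capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }

    wp_mail( get_option( 'admin_email' ), 'Test error', 'Fatal Error Notify test.' );
    wp_send_json_success();
}
add_action( 'wp_ajax_test_error', 'fen_test_error_hardened' );

// The legitimate "send test" button needs the nonce the handler checks, so
// hand it to the admin-page script that issues the AJAX request.
function fen_enqueue_test_error_nonce() {
    wp_localize_script( 'fen-admin', 'fenAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'fen_test_error' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'fen_enqueue_test_error_nonce' );
```

With both checks in place, the bare GET to `admin-ajax.php?action=test_error` fails on the nonce before reaching the capability test, and a subscriber who somehow obtains a nonce still fails the capability test.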

