Source: wpexploit
Author: Dmitrii Ignatyev
WPEX-ID: D923BA5B-1C20-40EE-AC69-CD0BB65B375A
History: Jan 30, 2024 - 12:00 a.m.

Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending

Published: 2024-01-30 00:00:00
Author: Dmitrii Ignatyev
Tags: subscriber, csrf, test error

AI Score: 9.3 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Description: The plugin does not perform authorisation or CSRF (nonce) checks in its test_error AJAX action, so any authenticated user, including a subscriber, can call it and spam the site's admin email address with test error messages. Because no nonce is required, the same action can also be triggered via CSRF against a logged-in user.

As a subscriber, open https://example.com/wp-admin/admin-ajax.php?action=test_error

The attack can also be performed via CSRF by making a logged-in user open the link above (for example through an image tag or a hidden iframe on an attacker-controlled page).
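The two checks the advisory says are missing, shown as an added illustrative PHP example. This is not the plugin's code (the advisory does not reproduce it): a hypothetical `wp_ajax_test_error` handler in the vulnerable shape sits beside a hardened handler that adds a capability check and a nonce check. The `fen_example_` function names, the `fen_test_error` nonce action, the `fen-admin` script handle and the email body are all assumptions made for the example.

```php
<?php
// Added illustrative example (assumed shape, not the plugin's actual code).
// Shows the defect class from the advisory and the corresponding fix.

// VULNERABLE shape: the handler runs for every logged-in user who can reach
// admin-ajax.php?action=test_error, and nothing ties the request to a nonce.
// The wp_ajax_ (not wp_ajax_nopriv_) hook is why subscriber+ is the floor.
function fen_example_test_error_vulnerable() {
    // No current_user_can(), no check_ajax_referer(): a subscriber hitting the
    // URL directly, or an admin lured to a CSRF page, both land here.
    wp_mail(
        get_option( 'admin_email' ),
        'Test error',
        'Assumed example body: this is a test error notification.'
    );
    wp_send_json_success();
}
// Registration of the vulnerable handler is left commented so that only the
// hardened handler is bound to the action in this example file:
// add_action( 'wp_ajax_test_error', 'fen_example_test_error_vulnerable' );

// HARDENED shape: authorisation first, then CSRF protection, then the action.
function fen_example_test_error_hardened() {
    // 1. Authorisation: only users allowed to manage the site may send test
    //    mails. This alone stops the subscriber path but not CSRF against an admin.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF: require a nonce for this specific action, passed in the `nonce`
    //    request field. On failure check_ajax_referer() terminates with 403.
    //    This alone stops CSRF but would still let any user who can obtain a
    //    nonce call the action, which is why both checks are needed.
    check_ajax_referer( 'fen_test_error', 'nonce' );

    wp_mail(
        get_option( 'admin_email' ),
        'Test error',
        'Assumed example body: this is a test error notification.'
    );
    wp_send_json_success();
}
add_action( 'wp_ajax_test_error', 'fen_example_test_error_hardened' );

// The nonce has to be issued to the admin page that hosts the "send test
// error" button, so that the legitimate JavaScript can include it in the
// request while a cross-site page cannot read it. Example registration:
function fen_example_enqueue_admin_assets() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    wp_localize_script(
        'fen-admin', // assumed script handle, registered elsewhere
        'fenAjax',
        array(
            'url'   => admin_url( 'admin-ajax.php' ),
            'nonce' => wp_create_nonce( 'fen_test_error' ),
        )
    );
}
add_action( 'admin_enqueue_scripts', 'fen_example_enqueue_admin_assets' );
```

With the hardened handler in place, the PoC URL returns a 403 for a subscriber (capability check) and the CSRF variant fails for an administrator because the cross-site request cannot carry a valid `nonce` value; only a request made from the plugin's own admin page with the localized nonce reaches `wp_mail()`.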

