Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:C922069F-AA14-4287-8DE5-686FF1489D77
HistoryNov 23, 2023 - 12:00 a.m.

AWeber < 7.3.10 - Missing Authorization via AJAX actions

2023-11-2300:00:00
wpscan.com
5
aweber plugin}{vulnerability}{unauthorized access}{data modification}{wordpress}{ajax actions}{lead generation}{email newsletter

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

24.1%

JSON

Description The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked by AJAX actions in all versions up to, and including, 7.3.9. This makes it possible for subscribers and higher to create and publish pages and modify landing pages.

Related

prion 1
cvelist 1
nvd 1
vulnrichment 1
cve 1
wordfence 1
prion
prion
Cross site request forgery (csrf)
2023-11-17 09:15:00
cvelist
cvelist
CVE-2023-47757 WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control
2023-11-17 08:52:18
nvd
nvd
CVE-2023-47757
2023-11-17 09:15:23
vulnrichment
vulnrichment
CVE-2023-47757 WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control
2023-11-17 08:52:18
cve
cve
CVE-2023-47757
2023-11-17 09:15:23
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 13, 2023 to November 19, 2023)
2023-11-23 20:29:59

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

24.1%

JSON
Related for WPVDB-ID:C922069F-AA14-4287-8DE5-686FF1489D77
prion1cvelist1nvd1vulnrichment1cve1wordfence1