WordPress Plugin Vulnerabilities

Super Store Finder < 6.9.4 - Unauthenticated Email Creation/Sending

Description

The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content.

Affects Plugins

Plugin icon
superstorefinder-wp
Fixed in 6.9.4

References

CVE
CVE-2023-5054
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d31d0553-9378-4c7e-a258-12562aa6b388

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.8 (medium)

Miscellaneous

Original Researcher
Etharus
Verified
No
WPVDB ID
2170e97f-a5ba-4b20-9114-d5483628ca7c

Timeline

Publicly Published
2023-09-18 (about 2 years ago)
Added
2023-09-20 (about 2 years ago)
Last Updated
2023-10-13 (about 2 years ago)

Other

Published
Title
Published
2024-04-15
Title
Country State City Dropdown CF7 < 2.7.2 - Missing Authorization
Published
2025-11-18
Title
Time Slot < 1.4.8 - Unauthenticated Arbitrary Email Sending
Published
2025-04-09
Title
Eazy Plugin Manager < 4.4.0 - Missing Authorization
Published
2026-01-15
Title
Zoho CRM Lead Magnet <= 1.8.1.7 - Missing Authorization
Published
2025-02-11
Title
WP Table Manager < 4.1.4 - Missing Authorization to Authenticated (Subscriber+) Directory Traversal to Folder/File Name Disclosure