WordPress Plugin Vulnerabilities

Send Emails with Mandrill < 1.4.2 - Missing Authorization

Description

The Send Emails with Mandrill plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the getAjaxStats() function in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to get stats.

Affects Plugins

Plugin icon
send-emails-with-mandrill
Fixed in 1.4.2

References

CVE
CVE-2024-43208
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/76b8e263-7073-4f93-95cb-0b61580337b3

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
280fb221-cd28-46c9-a2f8-41c0f0a019ca

Timeline

Publicly Published
2024-08-09 (about 1 year ago)
Added
2024-08-13 (about 1 year ago)
Last Updated
2024-09-05 (about 1 year ago)

Other

Published
Title
Published
2026-01-28
Title
ModelTheme Framework < 2.0.0 - Missing Authorization
Published
2025-10-24
Title
BackWPup < 5.5.1 - Missing Authorization to Sensitive Information Exposure
Published
2024-10-17
Title
Photo Gallery Builder <= 3.0 - Missing Authorization
Published
2023-12-08
Title
Manage Notification E-mails < 1.8.6 - Missing Authorization
Published
2023-11-19
Title
Customer Reviews for WooCommerce < 5.38.2 - Missing Authorization via manual review reminders