WordPress Plugin Vulnerabilities

Manage Notification E-mails < 1.8.6 - Missing Authorization

Description

The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings.

Affects Plugins

Plugin icon
manage-notification-emails
Fixed in 1.8.6

References

CVE
CVE-2023-6496
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/048bc117-88df-44b3-a30c-692bad23050f

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Rafshanzani Suhada
Verified
No
WPVDB ID
3c0ae084-f044-4a2f-a0f2-eced1cf079c7

Timeline

Publicly Published
2023-12-08 (about 2 years ago)
Added
2023-12-08 (about 2 years ago)
Last Updated
2023-12-08 (about 2 years ago)

Other

Published
Title
Published
2026-01-13
Title
Solace < 2.1.17 - Missing Authorization
Published
2026-03-09
Title
Booktics < 1.0.17 - Unauthenticated Get Items via REST API endpoints
Published
2025-10-21
Title
Persian Admnin Fonts < 4.1.05 - Missing Authorization
Published
2024-01-19
Title
ColorMag < 3.1.3 - Missing Authorization to Arbitrary Plugin Installation
Published
2025-12-15
Title
Cookie Notice for GDPR, CCPA & ePrivacy Consent < 4.0.8 - Missing Authorization