WordPress Plugin Vulnerabilities

SALERT < 1.2.2 - Subscriber+ Missing Authorization

Description

The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the salert_save_settings_with_ajax() function.

Affects Plugins

Plugin icon
salert
Fixed in 1.2.2

References

CVE
CVE-2023-32126

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Jonas Höbenreich
Verified
No
WPVDB ID
63dd997b-c680-40bf-96ef-022ea275335b

Timeline

Publicly Published
2023-05-09 (about 3 years ago)
Added
2023-06-12 (about 2 years ago)
Last Updated
2023-06-12 (about 2 years ago)

Other

Published
Title
Published
2023-04-05
Title
WCFM Membership < 2.10.1 - Unauthenticated AJAX Calls
Published
2025-03-31
Title
SP Blog Designer <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution
Published
2025-01-07
Title
Post SMTP < 2.9.12 - Missing Authorization via regenerate_qrcode()
Published
2024-02-19
Title
Contact Form builder with drag & drop for WordPress – Kali Forms < 2.3.42 - Missing Authorization
Published
2025-06-12
Title
myCred < 2.9.4.3 - Missing Authorization