WordPress Plugin Vulnerabilities

Fluent Support < 1.8.1 - Insufficient Authorization on Email Verification

Description

The Fluent Support plugin for WordPress is vulnerable to unauthorized email verification due to insufficient validation on the sendSignupEmailVerificationHtml ()function in versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to verify emails that do not belong to themselves.

Affects Plugins

Plugin icon
fluent-support
Fixed in 1.8.1

References

CVE
CVE-2024-47302
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/039ac1d9-ccb5-43d0-8b17-10d12b7df90e

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Khalid Yusuf
Verified
No
WPVDB ID
ce938e40-4ba2-4b4e-958b-a2ab9834fcc9

Timeline

Publicly Published
2024-09-25 (about 1 year ago)
Added
2024-10-02 (about 1 year ago)
Last Updated
2024-10-02 (about 1 year ago)

Other

Published
Title
Published
2023-11-27
Title
Qode Essential Addons < 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
Published
2025-12-10
Title
Leaky Paywall < 5.0 - Missing Authorization
Published
2024-12-14
Title
WP-CRM System < 3.4.0 - Unauthenticated Duplicate Contact Settings Update
Published
2026-03-06
Title
MDJM Event Management < 1.7.8.2 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion
Published
2025-01-06
Title
Hive Support – WordPress Help Desk < 1.1.7 - Missing Authorization