WordPress Plugin Vulnerabilities

Email Subscribers & Newsletters < 5.3.2 - Unauthenticated arbitrary option update

Description

The plugin lacks both authentication and nonce checks in its `es_dismiss_admin_notice` function, allowing an external attacker to set arbitrary plugin options to "yes".

Proof of Concept

Affects Plugins

Plugin icon
email-subscribers
Fixed in 5.3.2

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
8.2 (high)

Miscellaneous

Original Researcher
Jan w Oleju
Submitter
Jan w Oleju
Verified
Yes
WPVDB ID
fd56191a-8a01-4ae4-a1f1-61a6ac210325

Timeline

Publicly Published
2022-02-11 (about 4 years ago)
Added
2022-02-11 (about 4 years ago)
Last Updated
2022-02-11 (about 4 years ago)

Other

Published
Title
Published
2023-12-29
Title
EventPrime < 3.3.6 - Unauthenticated Event Access
Published
2021-05-07
Title
Leads-5050 Visitor Insights < 1.0.4 - Unauthenticated License Change
Published
2022-01-19
Title
WP HTML Mail < 3.1 - Unprotected REST-API Endpoint
Published
2021-04-14
Title
BuddyPress < 7.3.0 - Multiple Authenticated REST API Vulnerabilities
Published
2023-10-16
Title
Templately < 2.2.6 - Unauthenticated Arbitrary Post Deletion