CVE-2023-7202
MEDIUM 6.1
Description
The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated user, such as a subscriber, to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF.
CVE details
CVSS v3.1 score: 6.1
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 2/27/2024
Last modified: 5/1/2025
Source: nvd
Honeypot sightings: 0
Affected products
verygoodplugins:fatal_error_notify
Weaknesses (CWE)
CWE-352
References
https://research.cleantalk.org/cve-2023-7202-fatal-error-notify-error-email-sending-csrf/ (contact@wpscan.com)
https://wpscan.com/vulnerability/d923ba5b-1c20-40ee-ac69-cd0bb65b375a/ (contact@wpscan.com)
https://research.cleantalk.org/cve-2023-7202-fatal-error-notify-error-email-sending-csrf/ (af854a3a-2127-422b-91ae-364da2661108)
https://wpscan.com/vulnerability/d923ba5b-1c20-40ee-ac69-cd0bb65b375a/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.