PT-2023-16977 · WordPress · Fluentcrm

Karl Emil Nikka

Publicado

2023-06-09

Atualizado

2023-06-16

CVE-2023-1430

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions FluentCRM - Marketing Automation For WordPress versions up to, and including, 2.7.40

Description The issue allows unauthorized modification of data due to the use of an MD5 hash without a salt to control subscriptions. This enables unauthenticated attackers to unsubscribe users from lists and manage subscriptions if they gain access to a targeted subscriber's email address.

Recommendations For versions up to, and including, 2.7.40, update to a version that utilizes a secure hashing method with a salt to control subscriptions.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-759

Identificadores relacionados

CVE-2023-1430

Produtos afetados

Fluentcrm

PT-2023-16977 · WordPress · Fluentcrm

CVE-2023-1430

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6