PT-2023-32034 · Wp Extra · Wp Extra
Published: 2023-09-30 · Updated: 2023-11-27 · CVE-2023-5314
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WP Extra versions up to, and including, 6.2
Description
The issue allows unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function. This enables authenticated attackers with minimal permissions to send emails with arbitrary content to arbitrary locations from the affected site's mail server.
Recommendations
For WP Extra versions up to, and including, 6.2, update to a version that includes a fix for the missing capability check in the register() function to prevent unauthorized email sending.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Wp Extra