WordPress Plugin Vulnerabilities

WP Email Capture < 3.11 - Unauthenticated Email Capture Download

Description

The plugin does not have authorisation in the wp_email_capture_options_process function, hooked to admin_init, allowing unauthenticated users to download Email Captures and retrieve email addresses

Affects Plugins

Plugin icon
wp-email-capture
Fixed in 3.11

References

CVE
CVE-2023-28421

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Nguyen Anh Tien
Verified
No
WPVDB ID
b3fc173d-51e9-4be2-9d14-a71f1cb200b1

Timeline

Publicly Published
2023-03-15 (about 1 years ago)
Added
2023-05-03 (about 1 years ago)
Last Updated
2023-05-03 (about 1 years ago)

Other

Published
Title
Published
2024-05-16
Title
ReviewX – Multi-criteria Rating & Reviews for WooCommerce < 1.6.28 - Missing Authorization
Published
2022-11-28
Title
Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure
Published
2024-04-10
Title
Redirection < 1.2.0 - Subscriber+ Unauthorised Action Calls
Published
2023-10-17
Title
Themify Ultra < 7.3.6 - Missing Authorization
Published
2023-09-05
Title
BitPay Checkout for WooCommerce < 5.0.0 - Missing Authorization