WordPress Plugin Vulnerabilities
WP Email Capture < 3.11 - Unauthenticated Email Capture Download
Description
The plugin does not have authorisation in the wp_email_capture_options_process function, hooked to admin_init, allowing unauthenticated users to download Email Captures and retrieve email addresses
Affects Plugins
References
CVE
Classification
Type
NO AUTHORISATION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Nguyen Anh Tien
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-03-15 (about 1 years ago)
Added
2023-05-03 (about 1 years ago)
Last Updated
2023-05-03 (about 1 years ago)