Lucene search
WPScanCVELIST:CVE-2023-5098HistoryOct 31, 2023 - 1:54 p.m.
CVE-2023-5098 Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update
2023-10-3113:54:44
WPScan
www.cve.org
cve-2023-5098
wordpress plugin
arbitrary options update
privilege escalation
denial of service
The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string “true”, which could lead to a variety of outcomes, including DoS.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Campaign Monitor Forms by Optin Cat",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.5.6"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpexploit
wpexploit
Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update
2023-10-09 00:00:00
prion
prion
Design/Logic Flaw
2023-10-31 14:15:00
nvd
nvd
CVE-2023-5098
2023-10-31 14:15:12
cve
cve
CVE-2023-5098
2023-10-31 14:15:12
wpvulndb
wpvulndb
Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update
2023-10-09 00:00:00
wordfence
wordfence