directmailteam/direct-mail uses insecure access controls. When the extension's CSV export function is used, it fails to check whether the authenticated backend user has access to the newsletter subscriber tables (e.g. tt_address, fe_users).
CPE | Name | Operator | Version |
---|---|---|---|
directmailteam/direct-mail | le | 5.2.3 | |