The plugin does not properly secure the use of MD5 hash without a salt to control subscriptions, making it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions.
CPE | Name | Operator | Version |
---|---|---|---|
fluent-crm | lt | 2.8.0 |