CVE-2019-19980
Published: Dec 26, 2019
Modified: Aug 5, 2024
CVSS v3.0
4.3
Description
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wp_ajax function to send_test_email.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AC:L/AV:N/A:L/C:N/I:N/PR:L/S:U/UI:N
Attack Complexity
Attack Vector
Availability
Confidentiality
Integrity
Privileges Required
Scope
User Interaction
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now