Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
&color=brightgreen)
The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF
- https://research.cleantalk.org/cve-2023-7202-fatal-error-notify-error-email-sending-csrf/
- https://wpscan.com/vulnerability/d923ba5b-1c20-40ee-ac69-cd0bb65b375a/
- https://github.com/20142995/nuclei-templates