Security Advisory

CVE-2023-7202

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-27 08:30:23

Last updated 2024-10-28 00:09:36

Assigner WPScan

State PUBLISHED

Description

The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF

← Browse all CVEs View on cve.org ↗