Skip to main content

Customize Wordpress Emails And Alerts

1 CVEs product

Monthly

CVE-2022-0345 MEDIUM POC This Month

The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Customize Wordpress Emails And Alerts
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Customize Wordpress Emails And Alerts
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy