Mailerpress
Monthly
Privilege escalation in the MailerPress WordPress plugin (versions up to and including 2.0.2) lets an authenticated low-privilege user gain higher privileges through an incorrect privilege assignment flaw. The CVSS 3.1 vector (AV:N/AC:L/PR:L) indicates a network-reachable, low-complexity attack that any authenticated user can perform, yielding full confidentiality, integrity, and availability impact - effectively a takeover of the plugin's protected functionality or the WordPress site. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was reported through Patchstack.
MailerPress through version 1.4.2 contains a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to make arbitrary network requests from the affected server. An attacker with valid credentials could exploit this to access internal services, scan the network, or interact with backend systems. No patch is currently available for this vulnerability.
Privilege escalation in the MailerPress WordPress plugin (versions up to and including 2.0.2) lets an authenticated low-privilege user gain higher privileges through an incorrect privilege assignment flaw. The CVSS 3.1 vector (AV:N/AC:L/PR:L) indicates a network-reachable, low-complexity attack that any authenticated user can perform, yielding full confidentiality, integrity, and availability impact - effectively a takeover of the plugin's protected functionality or the WordPress site. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was reported through Patchstack.
MailerPress through version 1.4.2 contains a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to make arbitrary network requests from the affected server. An attacker with valid credentials could exploit this to access internal services, scan the network, or interact with backend systems. No patch is currently available for this vulnerability.