Main Vulnerability Database Vulnerabilities #VU22767

Improper access control in Email Subscribers & Newsletters - #VU22767

Published: November 14, 2019

Vulnerability identifier: #VU22767

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: icegram

Affected software:
Email Subscribers & Newsletters

Detailed vulnerability description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote authenticated user with subscriber and above access can bypass implemented security restrictions and send test emails on behalf of the site owner.

Remediation

Install updates from vendor's website.

Sources

https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newslet...

Improper access control in Email Subscribers & Newsletters - #VU22767

Detailed vulnerability description

Remediation

Sources

Please verify you're human