Main Vulnerability Database Vulnerabilities #VU81710

Improper access control in SendPress Newsletters - CVE-2023-35040

Published: October 9, 2023

Vulnerability identifier: #VU81710

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-35040

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SendPress Newsletters

Software vendor:
SendPress

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://patchstack.com/database/vulnerability/sendpress/wordpress-sendpress-newsletters-plugin-1-22-3-31-broken-access-control-vulnerability

Improper access control in SendPress Newsletters - CVE-2023-35040

Description

Remediation

External links

Please verify you're human