CVE-2023-3407

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jun 28, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-3407 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Subscribe2 plugin for WordPress. Versions up to and including 10.40 are susceptible to this issue. The vulnerability arises due to insufficient nonce validation during the test email sending process. This defect enables unauthenticated attackers to manipulate users on vulnerable websites into performing actions, such as clicking on malicious links, resulting in the attacker's ability to send custom test emails on behalf of the site administrator.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ryK4Lm
https://www.cve.org/CVERecord?id=CVE-2023-3407
https://nvd.nist.gov/vuln/detail/CVE-2023-3407

Back to Vulnerability Database

CVE-2023-3407

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations