CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41664 – WordPress Easy Newsletter Signups plugin <= 1.0.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-41664
01 Sep 2023 — Missing Authorization vulnerability in AlphaBPO Easy Newsletter Signups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Newsletter Signups: from n/a through 1.0.4. The Easy Newsletter Signups plugin for WordPress is vulnerable to unauthorized modification and disclosure of data due to a missing capability check on the wpesn_ltable_process_bulk_action() function hooked via admin_init in versions up to, and including, 1.0.4. This makes it possible for unauthenti... • https://patchstack.com/database/wordpress/plugin/easy-newsletter-signups/vulnerability/wordpress-easy-newsletter-signups-plugin-1-0-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •