CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6496 – Manage Notification E-mails <= 1.8.5 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-6496
08 Dec 2023 — The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings. El complemento Manage Notification E-mails para WordPress es vulnerable a la falta de autorización en todas las versiones hasta la 1.8.5 incluida a través de la función card_famne_export_settings. Esto hace posible que atacantes no autenticados obteng... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3007199%40manage-notification-emails%2Ftrunk&old=2920034%40manage-notification-emails%2Ftrunk&sfp_email=&sfph_mail= • CWE-285: Improper Authorization CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34654 – WordPress Manage Notification E-mails Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-34654
27 Sep 2022 — Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress. Cross-Site Request Forgery (CSRF) en el complemento Virgial Berveling's Manage Notification E-mails en WordPress en versiones <= 1.8.2. The Manage Notification E-mails plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the reset_settings function. This makes it possible for unauthen... • https://patchstack.com/database/vulnerability/manage-notification-emails/wordpress-manage-notification-e-mails-plugin-1-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •