1 results (0.001 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS. El complemento Campaign Monitor Forms by Optin Cat de WordPress anterior a 2.5.6 no impide que los usuarios con privilegios bajos (como suscriptores) sobrescriban cualquier opción en un sitio con la cadena "true", lo que podría conducir a una variedad de resultados, incluido DoS. The Campaign Monitor Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss_notice function in versions up to, and including, 2.5.5. This makes it possible for authenticated attackers to update arbitrary options to a value of 'true'. • https://wpscan.com/vulnerability/3167a83c-291e-4372-a42e-d842205ba722 • CWE-862: Missing Authorization •