CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35040 – WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-35040
11 Aug 2023 — Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6. Vulnerabilidad de autorización faltante en SendPress SendPress Newsletters. Este problema afecta a SendPress Newsletters: desde n/a hasta 1.23.11.6. The SendPress Newsletters plugin for WordPress is vulnerable to unauthorized modification of due to a missing capability check on multiple REST routes that initiate cron execution in versions up to, and including, 1.23.11.... • https://patchstack.com/database/vulnerability/sendpress/wordpress-sendpress-newsletters-plugin-1-22-3-31-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •