1 results (0.012 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2. Vulnerabilidad de autorización faltante en Kestrel WooCommerce AWeber Newsletter Subscription. Este problema afecta la suscripción al boletín WooCommerce AWeber: desde n/a hasta 4.0.2. The WooCommerce AWeber Newsletter Subscription plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to reset and change the plugin's access token. • https://patchstack.com/database/vulnerability/woocommerce-aweber-newsletter-subscription/wordpress-woocommerce-aweber-newsletter-subscription-plugin-4-0-1-unauthenticated-access-token-change-reset-vulnerability?_s_id=cve • CWE-862: Missing Authorization •