CVE-2023-47244
WordPress Email Marketing for WooCommerce by Omnisend Plugin <= 1.13.8 is vulnerable to Sensitive Data Exposure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend.This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.13.8.
Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Omnisend Email Marketing para WooCommerce de Omnisend. Este problema afecta al Email Marketing para WooCommerce de Omnisend: desde n/a hasta 1.13.8.
The Email Marketing for WooCommerce by Omnisend plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the status REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive user information.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-03 CVE Reserved
- 2023-11-07 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Omnisend Search vendor "Omnisend" | Email Marketing For Woocommerce Search vendor "Omnisend" for product "Email Marketing For Woocommerce" | < 1.13.9 Search vendor "Omnisend" for product "Email Marketing For Woocommerce" and version " < 1.13.9" | wordpress |
Affected
|