CVE-2023-5314 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-5314 PUBLISHED CVSS 4.300000190734863 MEDIUM

The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server.

EPSS 0.05% · 16.3th percentile

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS Score

0.05%

16.3th percentile

Affected Products

Vendor	Product	Versions
wpvncom	WP EXtra – One Click Optimize	0, 0, 0
wpvnteam	wp_extra	0, 0, 0

Timeline

Nov 22, 2023 CVE Published
Nov 23, 2023 EPSS Score
Dec 22, 2023 EPSS Score
Jan 21, 2024 EPSS Score
Feb 19, 2024 EPSS Score
Mar 20, 2024 EPSS Score
Apr 18, 2024 EPSS Score
May 17, 2024 EPSS Score
Jun 16, 2024 EPSS Score
Jul 15, 2024 EPSS Score
Aug 13, 2024 EPSS Score
Sep 12, 2024 EPSS Score

References

Open in Interactive Console →