VDB

CVE-2023-5314

CVE-2023-5314 PUBLISHED CVSS 4.300000190734863 MEDIUM

The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server.

EPSS 0.07% · 20.4th percentile

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.07%
20.4th percentile

Affected Products

VendorProductVersions
wpvncomWP EXtra – One Click Optimize0, 0, 0
wpvnteamwp_extra0, 0, 0

Exploit Intelligence

Timeline

  • Nov 22, 2023 CVE Published
  • Nov 23, 2023 EPSS Score
  • Dec 23, 2023 EPSS Score
  • Jan 22, 2024 EPSS Score
  • Feb 21, 2024 EPSS Score
  • Mar 22, 2024 EPSS Score
  • Apr 21, 2024 EPSS Score
  • May 21, 2024 EPSS Score
  • Jun 20, 2024 EPSS Score
  • Jul 19, 2024 EPSS Score
  • Aug 18, 2024 EPSS Score
  • Sep 17, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›