Vulnerabilities > CVE-2023-5314 - Unspecified vulnerability in Wpvnteam WP Extra

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wpvnteam

NVD

Published: 2023-11-22

Updated: 2023-11-27

Summary

The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server.

Vulnerable Configurations

Part	Description	Count
Application	Wpvnteam Wpvnteam WP Extra 2.0 Wpvnteam WP Extra 2.1 Wpvnteam WP Extra 2.2 Wpvnteam WP Extra 3.0 Wpvnteam WP Extra 3.1 Wpvnteam WP Extra 3.2 Wpvnteam WP Extra 3.3 Wpvnteam WP Extra 3.4 Wpvnteam WP Extra 3.5 Wpvnteam WP Extra 3.6 Wpvnteam WP Extra 3.7 Wpvnteam WP Extra 3.8 Wpvnteam WP Extra 4.0 Wpvnteam WP Extra 4.1 Wpvnteam WP Extra 5.1 Wpvnteam WP Extra 5.2 Wpvnteam WP Extra 5.9 Wpvnteam WP Extra 6.0 Wpvnteam WP Extra 6.1 Wpvnteam WP Extra 6.2	20

Summary

Vulnerable Configurations

References