Vulnerabilities > Madewithfuel

DATE CVE VULNERABILITY TITLE RISK
2023-05-26 CVE-2023-32964 Unspecified vulnerability in Madewithfuel Better Notifications for WP
Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions.
network
low complexity
madewithfuel
8.8
2022-02-28 CVE-2022-0345 Missing Authorization vulnerability in Madewithfuel Customize Wordpress Emails and Alerts
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.).
network
low complexity
madewithfuel CWE-862
4.3