Missing Authentication Vulnerability in Icegram Email Subscribers Plugin for WordPress
CVE-2020-5780

5.3MEDIUM

Key Information:

Vendor

Wordpress
Status
Icegram Email Subscribers & Newsletters Plugin For WordPress
Vendor
CVE Published:
10 September 2020

What is CVE-2020-5780?

The Icegram Email Subscribers & Newsletters Plugin for WordPress is affected by a vulnerability that allows remote attackers to forge email messages without authentication. This issue arises because the plugin lacks adequate safeguards on critical functions, enabling unauthorized users to exploit the vulnerability and spoof email communications. It is vital for users to upgrade to version 4.5.6 or later to protect against unauthorized email forgery.

Affected Version(s)

Icegram Email Subscribers & Newsletters Plugin for WordPress Prior to 4.5.6

References

https://www.tenable.com/security/research/tra-2020-53
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.