Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update
CVE-2023-5098
8.1HIGH
Summary
The Campaign Monitor Forms plugin by Optin Cat, prior to version 2.5.6, is susceptible to an authorization bypass issue, allowing users with low-level access, such as subscribers, to overwrite site options with the value "true". This vulnerability poses significant risks, including potential disruption of service, as it could lead to a range of negative outcomes affecting the site's functionality.
Affected Version(s)
Campaign Monitor Forms by Optin Cat 0 < 2.5.6
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Francesco Marano
WPScan