Authorization Bypass Vulnerability in Caldera SMTP Mailer
CVE-2024-56003

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Caldera Smtp Mailer
Vendor: CVE Published:; 16 December 2024

What is CVE-2024-56003?

The vulnerability identified as CVE-2024-56003 presents a critical security risk due to missing authorization controls in the Caldera SMTP Mailer plugin, developed by David Cramer. This flaw affects all versions up to and including 1.0.1, allowing unauthorized users to exploit access controls and potentially send emails without proper authentication. Organizations utilizing this plugin should take immediate action to mitigate risks by updating to the latest versions and reviewing their security practices.

Affected Version(s)

Caldera SMTP Mailer <= 1.0.1

References

https://patchstack.com/database/wordpress/plugin/caldera-...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Dec 14, 2024

Credit

Mika (Patchstack Alliance)

WordPress

What is CVE-2024-56003?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit