cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-1844,https://securityvulnerability.io/vulnerability/CVE-2023-1844,Unauthorized Email Access in Subscribe2 Plugin for WordPress,"The Subscribe2 plugin for WordPress suffers from an authorization bypass issue, allowing attackers with author-level access to send unauthorized emails to site users. This vulnerability arises from the absence of a capability check when sending test emails, which means that attackers can exploit this flaw to send emails containing arbitrary content and attachments. It's crucial for administrators using the Subscribe2 plugin to update to the latest version to mitigate the risk associated with this vulnerability.",Wordpress,"Subscribe2 – Form, Email Subscribers & Newsletters",4.3,MEDIUM,0.00046999999904073775,false,,false,false,false,,false,false,2023-06-28T03:15:00.000Z,0
CVE-2023-3407,https://securityvulnerability.io/vulnerability/CVE-2023-3407,Cross-Site Request Forgery in Subscribe2 Plugin for WordPress,"The Subscribe2 plugin for WordPress is susceptible to a Cross-Site Request Forgery vulnerability in versions up to 10.40. This vulnerability stems from missing or inadequate nonce validation when sending test emails. Consequently, an unauthenticated attacker could exploit this weakness to send deceptive test emails containing custom messages to users of affected sites. This is achievable through the manipulation of site administrators into executing actions, such as clicking on malicious links, which triggers the forged requests.",Wordpress,"Subscribe2 – Form, Email Subscribers & Newsletters",4.3,MEDIUM,0.0011399999493733048,false,,false,false,false,,false,false,2023-06-28T03:15:00.000Z,0