Description

WordPress Plugin WP Mass Mail is prone to an open email relay vulnerability that lets attackers send mass emails without authentication. An attacker could exploit this issue to send unsolicited spam email to an unrestricted number of email addresses. WordPress Plugin WP Mass Mail version 2.45 is vulnerable; other versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

http://www.securityfocus.com/bid/53818/exploit

http://packetstormsecurity.com/files/113286/WordPress-WP-Mass-Mail-Spoofing.html

http://1337day.com/exploits/18445

Related Vulnerabilities

Oracle JRE CVE-2024-21217 Vulnerability (CVE-2024-21217)

Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-45604)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10379)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26594)

Oracle JRE CVE-2013-2448 Vulnerability (CVE-2013-2448)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update