CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Missing Authorization vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email marketing for WordPress by GetResponse Official: from n/a through <= 1.5.3.
Explanation of Vulnerability in Simple Terms
The GetResponse Email Marketing for WordPress plugin through version 1.5.3 fails to properly check user permissions before allowing certain actions. A logged-in user with low privileges can modify data they should not have access to, such as email campaigns or subscriber lists. Site administrators should update the plugin immediately to prevent unauthorized changes to marketing content and subscriber information.
What an attacker can do
A logged-in user can modify email campaigns, subscriber lists, or other marketing data without proper authorization.
Potential impact on your site
Unauthorized users can alter or delete email campaigns and subscriber data, disrupting marketing operations and potentially exposing subscriber information.
Conditions required to exploit
Attacker must have a low-privilege WordPress account (e.g., subscriber or contributor role).
Key dates
External resources
Related vulnerabilities
