The Directorist WordPress plugin prior to 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wpwax directorist |