
CVE-2023-1430

Published: 09/06/2023 Updated: 07/11/2023
CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 because it uses an unsalted MD5 hash to control subscriptions. This makes it possible for unauthenticated malicious users to unsubscribe users from lists and manage subscriptions, provided they obtain the targeted subscriber's email address.
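The root cause above, as an added illustration that is not FluentCRM's own code: the weak pattern (an unsalted MD5 of the email as the only authorization for subscription changes) beside a keyed token that cannot be derived from the address alone. The server secret, subscriber id and sample address are constructed for the example.

```python
"""Added example, not FluentCRM's own code. Contrasts the weak pattern the
advisory describes (an unsalted MD5 of the email as the only authorization
for subscription changes) with a keyed token that cannot be derived from the
address alone and can be invalidated by bumping a per-subscriber version."""
import hashlib
import hmac

# Assumption: a long random secret kept server-side (constructed for this example).
SERVER_SECRET = b"constructed-server-secret-do-not-reuse"


def weak_token(email: str) -> str:
    """Vulnerable: anyone who knows the address can recompute this value."""
    return hashlib.md5(email.strip().lower().encode()).hexdigest()


def hardened_token(email: str, subscriber_id: int, token_version: int = 0) -> str:
    """HMAC over subscriber id, email and a stored version counter; without
    SERVER_SECRET the value cannot be computed from the email. Incrementing
    token_version after use invalidates links already sent."""
    msg = f"{subscriber_id}:{token_version}:{email.strip().lower()}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def verify(email: str, subscriber_id: int, token_version: int, presented: str) -> bool:
    """Constant-time comparison so the check does not leak the token byte by byte."""
    expected = hardened_token(email, subscriber_id, token_version)
    return hmac.compare_digest(expected, presented)


def derivable_from_email_alone(token: str, email: str) -> bool:
    """Models the advisory's precondition: someone who knows only the address
    recomputes the unsalted MD5 and checks whether it matches the token."""
    return hmac.compare_digest(weak_token(email), token)


if __name__ == "__main__":
    email = "alice@example.com"  # constructed sample subscriber
    print("weak token derivable:", derivable_from_email_alone(weak_token(email), email))
    print("hardened token derivable:", derivable_from_email_alone(hardened_token(email, 42), email))
    print("hardened verify ok:", verify(email, 42, 0, hardened_token(email, 42)))
    print("after rotation:", verify(email, 42, 1, hardened_token(email, 42)))
```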

Vulnerable Products

wpmanageninja fluentcrm

Github Repositories

Responsible disclosure of unpatched vulnerability in FluentCRM by WPManageNinja

Update 2023-06-12: You no longer need the snippet. WPManageNinja patched the vulnerability two hours after public disclosure (93 days after reporting).

Update 2024-01-27: The related issue with everlasting hash values is now fully addressed.

Responsible disclosure of unpatched vulnerability CVE-2023-1430 in FluentCRM by WPManageNinja

tl;dr Attackers can view and edit conta