9 Dec 2021

Wordfence’s Odd Takeaways From a Situation Involving a Very Insecure Plugin

Yesterday the WordPress-focused security company Wordfence disclosed a fixed vulnerability in the WordPress plugin RegistrationMagic. The vulnerability sounds concerning:

This flaw made it possible for unauthenticated attackers to login as any user, including administrative users, on an affected site as long as a valid username or email address was known to the attacker and a login form created with the plugin existed on the site.

21 Mar 2017

Vulnerability Details: Authenticated Arbitrary Email Sending Vulnerability in Invite Anyone

From time to time vulnerabilities are fixed in plugins without anyone putting out a report on the vulnerability, and in those cases we will put out a post detailing the vulnerability. While putting out the details of the vulnerability increases the chances of it being exploited, it can also help to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and help to identify additional vulnerabilities in the plugin.

