CVE-2020-5780 - OpenCVE

Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Icegram	Email Subscribers \& Newsletters

Configuration 1 [-]

cpe:2.3:a:icegram:email_subscribers_\&_newsletters:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://www.tenable.com/security/research/tra-2020-53	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: tenable

Published: 2020-09-10T14:10:03

Updated: 2020-09-10T14:10:03

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5780

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-10T15:15:32.650

Modified: 2020-09-16T14:37:07.847

Link: CVE-2020-5780

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:icegram:email_subscribers_\\&_newsletters:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8FA19A11-AAC3-4991-8C36-9D9BF93EECF0", "versionEndExcluding": "4.5.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing."}, {"lang": "es", "value": "Una falta de autenticaci\u00f3n para Critical Function en Icegram Email Subscribers & Newsletters Plugin para WordPress versiones anteriores a 4.5.6, permite a un atacante no autenticado remoto conducir una falsificaci\u00f3n y suplantaci\u00f3n de correo electr\u00f3nico no autenticado"}], "id": "CVE-2020-5780", "lastModified": "2020-09-16T14:37:07.847", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-10T15:15:32.650", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2020-53"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}