Description

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.

Remediation

References

CVE-2023-6152

Related Vulnerabilities

WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (4.1.6)

WordPress Plugin Easy Custom Sidebars Unspecified Vulnerability (1.0.1)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3465)

WordPress Plugin WP Social Bookmarking Light Cross-Site Scripting (1.7.9)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.113)

Severity

Medium

Classification

CVE-2023-6152 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Tags

Missing Update Known Vulnerabilities