Description

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.

Remediation

References

CVE-2023-6152

Related Vulnerabilities

WordPress Plugin Donations Privilege Escalation (1.3)

Oracle JRE CVE-2014-0429 Vulnerability (CVE-2014-0429)

WordPress Plugin Simple 301 Redirects-Addon-Bulk Uploader Multiple Security Bypass Vulnerabilities (1.2.4)

WordPress 4.8.x Prototype Pollution (4.8 - 4.8.18)

Oracle Application Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2004-1371)

Severity

Medium

Classification

CVE-2023-6152 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Tags

Missing Update Known Vulnerabilities