Description

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.

Remediation

References

CVE-2023-6152

Related Vulnerabilities

WordPress Plugin Opal Estate Cross-Site Request Forgery (1.6.11)

WordPress Plugin Contact Form for WordPress-Ultimate Form Builder Lite Multiple Vulnerabilities (1.3.6)

WordPress Plugin Visual Email Designer for WooCommerce SQL Injection (1.7.1)

OpenSSL Resource Management Errors Vulnerability (CVE-2011-4619)

WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (6.0.4)

Severity

Medium

Classification

CVE-2023-6152 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Tags

Missing Update Known Vulnerabilities