Elastic Email Subscribe Form Missing Authorization Vulnerability
Vulnerability
A broken access control vulnerability has been identified in the Elastic Email Subscribe Form WordPress plugin, affecting versions through 1.2.2. This vulnerability allows unprivileged users to exploit incorrectly configured access control security levels, potentially leading to unauthorized actions.
Impact
Exploitation of this vulnerability could allow a user with subscriber privileges to perform actions that require higher privileges, due to the missing authorization checks.
Remediation
Users are advised to remove and replace the Elastic Email Subscribe Form plugin, as it is likely abandoned and will not receive further updates or fixes.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.