Plugin <= 2.7.4 is vulnerable to Broken Access Control

Viewing 1 replies (of 1 total)

  • Good evening. Any chance this issue is creating an exposure that allows a bot to trigger subscription notices to batches of random, non-subscriber emails on the same 60-minute default email notification schedule as legitimate subscribers? Recently I’ve noticed hundreds of batch email notifications being sent, please see the attached screengrab. Thanks for your help, and for letting me know if we should downgrade to 2.7.3 until this issue is resolved.

    Cheers!

    Screenshot of email notification: https://app.box.com/s/6lkke2of0yqbafr50r0fkqxefcs9l9ou

Viewing 1 replies (of 1 total)
  • The topic ‘Plugin <= 2.7.4 is vulnerable to Broken Access Control’ is closed to new replies.