Responsible disclosure of unpatched vulnerability CVE-2023-1430 in FluentCRM by WPManageNinja (with mitigation patch): https://github.com/karlemilnikka/CVE-2023-1430.

tl;dr Attackers can view and edit contact details in FluentCRM. WPManageNinja hasn’t patched the vulnerability within the 90-day responsible disclosure time window. I provide a mitigation snippet to prevent vulnerability exploitation while waiting for an official patch.

#wordpress #wpmanageninja #fluentcrm #cve20231430

@karlemilnikka
