Impact
The vulnerability is an unauthenticated broken authentication flaw in the WordPress Email Marketing for WooCommerce by Omnisend plugin versions 1.18.0 and earlier. It is identified as CWE‑288 and allows attackers to bypass authentication checks without providing valid credentials.
Affected Systems
The WordPress Email Marketing for WooCommerce by Omnisend plugin, versions 1.18.0 and earlier, is affected. The plugin is used on WordPress sites that integrate WooCommerce with email marketing services.
Risk and Exploitability
The vulnerability has a CVSS score of 7.5 and an EPSS score of less than 1%, indicating moderate severity and a low likelihood of exploitation. It is not listed in the CISA KEV catalog. Based on the nature of the flaw, it is inferred that the attack vector would involve unauthenticated network requests to the plugin’s endpoints, exploiting the weak authentication mechanism. This inference suggests that an attacker could potentially gain unauthorized access to areas of the site that normally require authentication.
OpenCVE Enrichment