Medium severity6.1NVD Advisory· Published Feb 27, 2024· Updated Jun 17, 2026
CVE-2023-7202
CVE-2023-7202
Description
The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <1.5.3
Patches
Vulnerability mechanics
References
2- research.cleantalk.org/cve-2023-7202-fatal-error-notify-error-email-sending-csrf/nvdExploitThird Party Advisory
- wpscan.com/vulnerability/d923ba5b-1c20-40ee-ac69-cd0bb65b375a/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.