Really Simple Security logo

Log out
Get PRO

Latest

Weak configuration vulnerability in Email Marketing, Newsletter, Email Automation and CRM Plugin for WordPress by FluentCRM

  • Severity: medium-risk
  • Status: Fixed
  • Publication: March 11, 2023

The FluentCRM – Marketing Automation For WordPress plugin for WordPress is not secure in versions up to 2.7.40. This is because it uses an MD5 hash without a salt to control subscriptions. This makes it easy for unauthenticated attackers with access to an email address to unsubscribe people from lists and change their subscriptions.

Detected in:

Email Marketing, Newsletter, Email Automation and CRM Plugin for WordPress by FluentCRM fixed vulnerable versions: >= * <= 2.8.0.1
Email Newsletter, Automation, Email Marketing, Email Campaigns and CRM Solution for WP by FluentCRM fixed vulnerable versions:
Email Newsletter, Marketing, Email Automation and CRM Plugin for WordPress by FluentCRM fixed vulnerable versions:
FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, and CRM Solution fixed vulnerable versions:
FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.