🔐 CVE Alert

CVE-2023-1430

MEDIUM 6.5

FluentCRM - Marketing Automation For WordPress <= 2.8.01 - Insufficient Use of Hash as Authorization Control

CVSS Score: 6.5
EPSS Score: 0.0%
EPSS Percentile: 0th

The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.8.01 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions, provided they gain access to a targeted subscriber's email address.

CWE: CWE-759
Vendor: techjewel
Product: fluentcrm – email newsletter, automation, email marketing, email campaigns, optins, leads, and crm solution
Published: Jun 9, 2023
Last Updated: Apr 8, 2026
CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Affected Versions

techjewel / FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution
0 ≤ 2.8.0.1

References

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/de6da87e-8f7d-4120-8a1b-390ef7733d84?source=cve
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/2899218/fluent-crm/tags/2.8.0/app/Hooks/Handlers/ExternalPages.php?old=2873074&old_path=fluent-crm%2Ftags%2F2.7.40%2Fapp%2FHooks%2FHandlers%2FExternalPages.php
github.com: https://github.com/karlemilnikka/CVE-2023-1430
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2924787%40fluent-crm&new=2924787%40fluent-crm&sfp_email=&sfph_mail=

Credits

Karl Emil Nikka