cleantalk
Vulnerabilities and Security Researches

Revision Manager TMC, CVE-2024-7622

CVE, Research URL

CVE-2024-7622

Home page URL

Security reports for Revision Manager TMC

Application

Revision Manager TMC

Published on
Sep 06, 2024
Research Description
The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the _a_ajaxQuickEmailTestCallback() function in all versions up to, and including, 2.8.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to send emails with arbitrary content to any individual through the vulnerable web server.
Affected versions
max 2.8.20.
Status
vulnerable
Previous vulnerability researches
Revision Manager TMC (CVE-2026-25411) , Feb 27, 2026
Revision Manager TMC (CVE-2017-1000170) , Jun 06, 2024
Revision Manager TMC (CVE-2024-7622) , Sep 07, 2024
New vulnerability
Serious Slider (CVE-2026-25399) , Feb 28, 2026
Omnipress (CVE-2026-25432) , Feb 28, 2026
MDirector Newsletter (CVE-2025-14852) , Feb 28, 2026
Alma – Pay in installments or later for WooCommerce (CVE-2026-24999) , Feb 28, 2026
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2026-25019) , Feb 27, 2026