WordPress plugin Email Subscribers & Newsletters before 4.2.3 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability

Summary

WordPress plugin Email Subscribers & Newsletters before 4.2.3 suffers from improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://wpvulndb.com/vulnerabilities/9946


Details

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings.

 

Vulnerable Systems:

WordPress plugin Email Subscribers & Newsletters before 4.2.3

 

CVE Information:

CVE-2019-19981

 

Disclosure Timeline:
Published Date:12/25/2019

Categories: News