WordPress plugin Email Subscribers & Newsletters before 4.2.3 Improper Privilege Management Vulnerability

Summary

The WordPress plugin Email Subscribers & Newsletters before 4.2.3 suffers from an improper privilege management vulnerability.

Credit:

The information has been provided by Vendor

The original article can be found at: https://wpvulndb.com/vulnerabilities/9946


Details

The WordPress plugin Email Subscribers & Newsletters before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wp_ajax action for send_test_email. WordPress runs wp_ajax_ handlers for any logged-in user, so the handler is reachable by Subscriber-level accounts unless it checks the caller's capability itself.
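
A defensive review aid for the issue described above, added here as an example (it is not the plugin's code and not part of the original advisory): a small Python scan that lists every wp_ajax_ hook in a plugin's PHP source and reports whether its callback contains a capability check (current_user_can) or a nonce check. The sample PHP, the demo_* callback names and the demo_hardened_send action are constructed for illustration; only the send_test_email action name comes from the advisory.

```python
import re

# Constructed sample (not the plugin's source): unchecked vs. hardened handler.
SAMPLE_PHP = r"""
add_action( 'wp_ajax_send_test_email', 'demo_send_test_email' );
add_action( 'wp_ajax_demo_hardened_send', 'demo_hardened_send' );
function demo_send_test_email() {
    wp_mail( sanitize_email( $_POST['email'] ), 'Test', 'Test body' );
    wp_die();
}
function demo_hardened_send() {
    check_ajax_referer( 'demo_send_test', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }
    wp_mail( sanitize_email( $_POST['email'] ), 'Test', 'Test body' );
    wp_die();
}
"""

# wp_ajax_<action> hooks with a string or array( $obj, 'method' ) callback.
HOOK_RE = re.compile(
    r"add_action\(\s*['\"]wp_ajax_(?P<action>[\w-]+)['\"]\s*,\s*"
    r"(?:(?:array\(|\[)\s*[^,]+,\s*)?['\"](?P<cb>\w+)['\"]")

def function_body(src, name):
    """Return the body of PHP function `name` (naive brace matching)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit_ajax_handlers(src):
    """List each wp_ajax_ hook and whether its callback checks capability/nonce."""
    findings = []
    for m in HOOK_RE.finditer(src):
        body = function_body(src, m["cb"]) or ""
        findings.append({
            "action": m["action"], "callback": m["cb"],
            "capability_check": "current_user_can(" in body,
            "nonce_check": bool(re.search(r"check_ajax_referer\(|wp_verify_nonce\(", body)),
        })
    return findings

if __name__ == "__main__":
    print(*audit_ajax_handlers(SAMPLE_PHP), sep="\n")
```

The scan is a heuristic: a check performed in a helper the callback calls, or a callback defined in another file, is reported as missing and needs manual review.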

Vulnerable Systems:

WordPress plugin Email Subscribers & Newsletters before 4.2.3

CVE Information:

CVE-2019-19980

Disclosure Timeline:
Published Date: 12/25/2019
