Newsletter < 6.5.4 - CSV Injection



Description
"A CSV Injection vulnerability was discovered in Wordpress Newsletter plugin. It allows a user with low level privileges or no privileges to inject a command in subscription form that will be included in the exported CSV file, leading to possible code execution."

Affects Plugin

fixed in version 6.5.4

References

URL https://fortiguard.com/zeroday/FG-VD-20-045

Classification

Type UNKNOWN

Miscellaneous

Original Researcher Vishnupriya Ilango of Fortinet's FortiGuard Labs
Views 2862
Verified No
WPVDB ID 10135

Timeline

Publicly Published 2020-03-16 (4 months ago)
Added 2020-03-17 (4 months ago)
Last Updated 2020-03-18 (4 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin