MailPoet Newsletters 2.6.6 - Theme File Upload Handling Remote Code Execution

Affects

Plugin wysija-newsletters
fixed in version 2.6.7

References

CVE 2014-4725
EXPLOITDB 33991
METASPLOIT exploit/unix/webapp/wp_wysija_newsletters_upload
SECUNIA 59455
URL http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html
URL http://www.openwall.com/lists/oss-security/2014/07/02/1

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Views 305
Verified Yes
WPVDB ID 6680

Timeline

Added 2014-08-01
Last Updated 2015-05-15

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.