MailPoet Newsletters 2.6.6 - Theme File Upload Handling Remote Code Execution

Affects Plugin

fixed in version 2.6.7

References

CVE 2014-4725
EXPLOITDB 33991
METASPLOIT exploit/unix/webapp/wp_wysija_newsletters_upload
URL https://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html
URL https://www.openwall.com/lists/oss-security/2014/07/02/1

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Views 4294
Verified Yes
WPVDB ID 6680

Timeline

Publicly Published 2014-08-01 (over 5 years ago)
Added 2014-08-01 (over 5 years ago)
Last Updated 2019-10-21 (about 2 months ago)
