Email Subscribers & Newsletters < 4.2.3 - Multiple Issues



Description
- Unauthenticated Export, leading to disclosure of subscriber data
- Insecure Permissions on Dashboard and Settings
- CSRF on Settings
- Send Test Emails from the Administrative Dashboard as an Authenticated User (with a role of Subscriber and above)
- Unauthenticated Option Creation

Affects Plugin

References

CVE 2019-19985
CVE 2019-19984
CVE 2019-19982
CVE 2019-19981
CVE 2019-19980
URL https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/

Classification

Type MULTI

Miscellaneous

Views 11720
Verified No
WPVDB ID 9946

Timeline

Publicly Published 2019-11-13 (8 months ago)
Added 2019-11-13 (8 months ago)
Last Updated 2019-12-27 (7 months ago)
