Email Subscribers & Newsletters < 4.2.3 - Multiple Issues



Description
- Unauthenticated Export, leading to disclosure of subscriber data
- Insecure Permissions on Dashboard and Settings
- CSRF on Settings
- Send Test Emails from the Administrative Dashboard as an Authenticated User (with a role of Subscriber and above)
- Unauthenticated Option Creation

Affects Plugin

Fixed in version 4.2.3

References

URL https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/

Classification

Type MULTI

Miscellaneous

Views 4408
Verified No
WPVDB ID 9946

Timeline

Publicly Published 2019-11-13 (about 1 month ago)
Added 2019-11-13 (about 1 month ago)
Last Updated 2019-11-28 (17 days ago)
