Email Subscribers & Newsletters < 4.3.1 - Unauthenticated Blind SQL Injection

Affects Plugin

References

CVE 2019-20361
URL https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Chloe Chamberland (Wordfence)
Views 4015
Verified No
WPVDB ID 9947

Timeline

Publicly Published 2019-11-13 (8 months ago)
Added 2019-11-13 (8 months ago)
Last Updated 2020-04-27 (2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin