The WordPress plugin, Email Subscribers & Newsletters,... · CVE-2019-19982 · GitHub Advisory Database · GitHub

The WordPress plugin, Email Subscribers & Newsletters,...

Moderate severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 29, 2023

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= request.

References

Published by the National Vulnerability Database

Dec 26, 2019

Published to the GitHub Advisory Database May 24, 2022

Last updated Jan 29, 2023