Lucene search

[email protected]CVE-2014-4725

HistoryJul 27, 2014 - 6:55 p.m.

CVE-2014-4725

2014-07-2718:55:05

CWE-287

[email protected]

web.nvd.nist.gov

mailpoet newsletters

wordpress

remote attackers

php code execution

authentication bypass

cve-2014-4725

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.296 Low

EPSS

Percentile

97.0%

JSON

The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

Affected configurations

NVD

Node

mailpoetmailpoet_newslettersRange≤2.6.6wordpress

mailpoetmailpoet_newslettersMatch0.9wordpress

mailpoetmailpoet_newslettersMatch0.9.1wordpress

mailpoetmailpoet_newslettersMatch0.9.2wordpress

mailpoetmailpoet_newslettersMatch0.9.6wordpress

mailpoetmailpoet_newslettersMatch1.0wordpress

mailpoetmailpoet_newslettersMatch1.0.1wordpress

mailpoetmailpoet_newslettersMatch1.1wordpress

mailpoetmailpoet_newslettersMatch1.1.1wordpress

mailpoetmailpoet_newslettersMatch1.1.2wordpress

mailpoetmailpoet_newslettersMatch1.1.3wordpress

mailpoetmailpoet_newslettersMatch1.1.4wordpress

mailpoetmailpoet_newslettersMatch1.1.5wordpress

mailpoetmailpoet_newslettersMatch2.0wordpress

mailpoetmailpoet_newslettersMatch2.0.1wordpress

mailpoetmailpoet_newslettersMatch2.0.2wordpress

mailpoetmailpoet_newslettersMatch2.0.3wordpress

mailpoetmailpoet_newslettersMatch2.0.4wordpress

mailpoetmailpoet_newslettersMatch2.0.5wordpress

mailpoetmailpoet_newslettersMatch2.0.6wordpress

mailpoetmailpoet_newslettersMatch2.0.7wordpress

mailpoetmailpoet_newslettersMatch2.0.8wordpress

mailpoetmailpoet_newslettersMatch2.0.9wordpress

mailpoetmailpoet_newslettersMatch2.0.9.5wordpress

mailpoetmailpoet_newslettersMatch2.1wordpress

mailpoetmailpoet_newslettersMatch2.1.1wordpress

mailpoetmailpoet_newslettersMatch2.1.2wordpress

mailpoetmailpoet_newslettersMatch2.1.3wordpress

mailpoetmailpoet_newslettersMatch2.1.4wordpress

mailpoetmailpoet_newslettersMatch2.1.5wordpress

mailpoetmailpoet_newslettersMatch2.1.6wordpress

mailpoetmailpoet_newslettersMatch2.1.7wordpress

mailpoetmailpoet_newslettersMatch2.1.8wordpress

mailpoetmailpoet_newslettersMatch2.1.9wordpress

mailpoetmailpoet_newslettersMatch2.2wordpress

mailpoetmailpoet_newslettersMatch2.2.1wordpress

mailpoetmailpoet_newslettersMatch2.2.2wordpress

mailpoetmailpoet_newslettersMatch2.2.3wordpress

mailpoetmailpoet_newslettersMatch2.3wordpress

mailpoetmailpoet_newslettersMatch2.3.1wordpress

mailpoetmailpoet_newslettersMatch2.3.2wordpress

mailpoetmailpoet_newslettersMatch2.3.3wordpress

mailpoetmailpoet_newslettersMatch2.3.4wordpress

mailpoetmailpoet_newslettersMatch2.3.5wordpress

mailpoetmailpoet_newslettersMatch2.4wordpress

mailpoetmailpoet_newslettersMatch2.4.1wordpress

mailpoetmailpoet_newslettersMatch2.4.2wordpress

mailpoetmailpoet_newslettersMatch2.4.3wordpress

mailpoetmailpoet_newslettersMatch2.4.4wordpress

mailpoetmailpoet_newslettersMatch2.5wordpress

mailpoetmailpoet_newslettersMatch2.5.1wordpress

mailpoetmailpoet_newslettersMatch2.5.2wordpress

mailpoetmailpoet_newslettersMatch2.5.3wordpress

mailpoetmailpoet_newslettersMatch2.5.4wordpress

mailpoetmailpoet_newslettersMatch2.5.5wordpress

mailpoetmailpoet_newslettersMatch2.5.7wordpress

mailpoetmailpoet_newslettersMatch2.5.8wordpress

mailpoetmailpoet_newslettersMatch2.5.9wordpress

mailpoetmailpoet_newslettersMatch2.5.9.1wordpress

mailpoetmailpoet_newslettersMatch2.5.9.2wordpress

mailpoetmailpoet_newslettersMatch2.5.9.3wordpress

mailpoetmailpoet_newslettersMatch2.5.9.4wordpress

mailpoetmailpoet_newslettersMatch2.6wordpress

mailpoetmailpoet_newslettersMatch2.6betawordpress

mailpoetmailpoet_newslettersMatch2.6.1wordpress

mailpoetmailpoet_newslettersMatch2.6.2wordpress

mailpoetmailpoet_newslettersMatch2.6.3wordpress

mailpoetmailpoet_newslettersMatch2.6.4wordpress

mailpoetmailpoet_newslettersMatch2.6.5wordpress

CPENameOperatorVersion
mailpoet:mailpoet_newslettersmailpoet mailpoet newslettersle2.6.6
mailpoet:mailpoet_newslettersmailpoet mailpoet newsletterseq0.9
mailpoet:mailpoet_newslettersmailpoet mailpoet newsletterseq0.9.1
mailpoet:mailpoet_newslettersmailpoet mailpoet newsletterseq0.9.2
mailpoet:mailpoet_newslettersmailpoet mailpoet newsletterseq0.9.6
mailpoet:mailpoet_newslettersmailpoet mailpoet newsletterseq1.0
mailpoet:mailpoet_newslettersmailpoet mailpoet newsletterseq1.0.1
mailpoet:mailpoet_newslettersmailpoet mailpoet newsletterseq1.1
mailpoet:mailpoet_newslettersmailpoet mailpoet newsletterseq1.1.1
mailpoet:mailpoet_newslettersmailpoet mailpoet newsletterseq1.1.2

CPE	Name	Operator	Version
mailpoet:mailpoet_newsletters	mailpoet mailpoet newsletters	le	2.6.6
mailpoet:mailpoet_newsletters	mailpoet mailpoet newsletters	eq	0.9
mailpoet:mailpoet_newsletters	mailpoet mailpoet newsletters	eq	0.9.1
mailpoet:mailpoet_newsletters	mailpoet mailpoet newsletters	eq	0.9.2
mailpoet:mailpoet_newsletters	mailpoet mailpoet newsletters	eq	0.9.6
mailpoet:mailpoet_newsletters	mailpoet mailpoet newsletters	eq	1.0
mailpoet:mailpoet_newsletters	mailpoet mailpoet newsletters	eq	1.0.1
mailpoet:mailpoet_newsletters	mailpoet mailpoet newsletters	eq	1.1
mailpoet:mailpoet_newsletters	mailpoet mailpoet newsletters	eq	1.1.1
mailpoet:mailpoet_newsletters	mailpoet mailpoet newsletters	eq	1.1.2