Lucene search
+L

CVE-2014-4725

🗓️ 27 Jul 2014 18:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 141 Views🌐 WEB

The MailPoet Newsletters plugin before 2.6.7 for WordPress allows remote attackers to execute arbitrary PHP code

Related
Detection
Refs
Paths
NVD
Node
OR
mailpoetmailpoet_newslettersRange2.6.6wordpress
mailpoetmailpoet_newslettersMatch0.9.1wordpress
mailpoetmailpoet_newslettersMatch0.9.2wordpress
mailpoetmailpoet_newslettersMatch0.9.6wordpress
mailpoetmailpoet_newslettersMatch1.0.1wordpress
mailpoetmailpoet_newslettersMatch1.1.1wordpress
mailpoetmailpoet_newslettersMatch1.1.2wordpress
mailpoetmailpoet_newslettersMatch1.1.3wordpress
mailpoetmailpoet_newslettersMatch1.1.4wordpress
mailpoetmailpoet_newslettersMatch1.1.5wordpress
mailpoetmailpoet_newslettersMatch2.0.1wordpress
mailpoetmailpoet_newslettersMatch2.0.2wordpress
mailpoetmailpoet_newslettersMatch2.0.3wordpress
mailpoetmailpoet_newslettersMatch2.0.4wordpress
mailpoetmailpoet_newslettersMatch2.0.5wordpress
mailpoetmailpoet_newslettersMatch2.0.6wordpress
mailpoetmailpoet_newslettersMatch2.0.7wordpress
mailpoetmailpoet_newslettersMatch2.0.8wordpress
mailpoetmailpoet_newslettersMatch2.0.9wordpress
mailpoetmailpoet_newslettersMatch2.0.9.5wordpress
mailpoetmailpoet_newslettersMatch2.1.1wordpress
mailpoetmailpoet_newslettersMatch2.1.2wordpress
mailpoetmailpoet_newslettersMatch2.1.3wordpress
mailpoetmailpoet_newslettersMatch2.1.4wordpress
mailpoetmailpoet_newslettersMatch2.1.5wordpress
mailpoetmailpoet_newslettersMatch2.1.6wordpress
mailpoetmailpoet_newslettersMatch2.1.7wordpress
mailpoetmailpoet_newslettersMatch2.1.8wordpress
mailpoetmailpoet_newslettersMatch2.1.9wordpress
mailpoetmailpoet_newslettersMatch2.2.1wordpress
mailpoetmailpoet_newslettersMatch2.2.2wordpress
mailpoetmailpoet_newslettersMatch2.2.3wordpress
mailpoetmailpoet_newslettersMatch2.3.1wordpress
mailpoetmailpoet_newslettersMatch2.3.2wordpress
mailpoetmailpoet_newslettersMatch2.3.3wordpress
mailpoetmailpoet_newslettersMatch2.3.4wordpress
mailpoetmailpoet_newslettersMatch2.3.5wordpress
mailpoetmailpoet_newslettersMatch2.4.1wordpress
mailpoetmailpoet_newslettersMatch2.4.2wordpress
mailpoetmailpoet_newslettersMatch2.4.3wordpress
mailpoetmailpoet_newslettersMatch2.4.4wordpress
mailpoetmailpoet_newslettersMatch2.5.1wordpress
mailpoetmailpoet_newslettersMatch2.5.2wordpress
mailpoetmailpoet_newslettersMatch2.5.3wordpress
mailpoetmailpoet_newslettersMatch2.5.4wordpress
mailpoetmailpoet_newslettersMatch2.5.5wordpress
mailpoetmailpoet_newslettersMatch2.5.7wordpress
mailpoetmailpoet_newslettersMatch2.5.8wordpress
mailpoetmailpoet_newslettersMatch2.5.9wordpress
mailpoetmailpoet_newslettersMatch2.5.9.1wordpress
mailpoetmailpoet_newslettersMatch2.5.9.2wordpress
mailpoetmailpoet_newslettersMatch2.5.9.3wordpress
mailpoetmailpoet_newslettersMatch2.5.9.4wordpress
mailpoetmailpoet_newslettersMatch2.6betawordpress
mailpoetmailpoet_newslettersMatch2.6.1wordpress
mailpoetmailpoet_newslettersMatch2.6.2wordpress
mailpoetmailpoet_newslettersMatch2.6.3wordpress
mailpoetmailpoet_newslettersMatch2.6.4wordpress
mailpoetmailpoet_newslettersMatch2.6.5wordpress
ParameterPositionPathDescriptionCWE
theme_uploadrequest bodywp-admin/admin-post.phpFile upload vulnerability in MailPoet Newsletters plugin allowing remote attackers to upload a crafted theme and bypass authentication to execute arbitrary PHP code via wp-admin/admin-post.php and access the uploaded theme at wp-content/uploads/wysija/themes/mailp/CWE-287
theme_filerequest bodywp-admin/admin-post.phpFile upload vulnerability in MailPoet Newsletters plugin allowing remote attackers to upload a crafted theme and bypass authentication to execute arbitrary PHP code via wp-admin/admin-post.php and access the uploaded theme at wp-content/uploads/wysija/themes/mailp/CWE-287
filerequest bodywp-admin/admin-post.phpFile upload vulnerability in MailPoet Newsletters plugin allowing remote attackers to upload a crafted theme and bypass authentication to execute arbitrary PHP code via wp-admin/admin-post.php and access the uploaded theme at wp-content/uploads/wysija/themes/mailp/CWE-287
uploadrequest bodywp-admin/admin-post.phpFile upload vulnerability in MailPoet Newsletters plugin allowing remote attackers to upload a crafted theme and bypass authentication to execute arbitrary PHP code via wp-admin/admin-post.php and access the uploaded theme at wp-content/uploads/wysija/themes/mailp/CWE-287

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 00:10Current
7.9High risk
Vulners AI Score7.9
CVSS 27.5
EPSS0.59682
141