CVE-2014-4725

2014-07-27T14:55:05
ID CVE-2014-4725
Type cve
Reporter NVD
Modified 2014-07-28T15:18:25

Description

The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.