Lucene search
MetasploitPATCHSTACK:E7E8F8DCC8B5847A5040FCD8CC95B533HistoryJul 07, 2014 - 12:00 a.m.
WordPress MailPoet (Wysija NewsLetters) plugin - Unauthenticated File Upload
2014-07-0700:00:00
metasploit
patchstack.com
8
0.296 Low
EPSS
Percentile
96.9%
MailPoet (Wysija NewsLetters) plugin is prone to an unauthenticated file upload vulnerability. The plugin uses the “admin_init” hook that is executed for unauthenticated users when accessing a specific URL.
Solution
Upgrade the plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple share buttons adder | le | 2.6.7 |
References
Related
checkpoint_advisories
checkpoint_advisories
WordPress MailPoet Newsletters Unauthenticated File Upload (CVE-2014-4725)
2014-08-11 00:00:00
cvelist
cvelist
CVE-2014-4725
2014-07-27 18:00:00
openvas
openvas
WordPress MailPoet Newsletters Plugin Remote File Upload Vulnerability
2014-07-28 00:00:00
dsquare
dsquare
WordPress MailPoet Newsletters File Upload
2014-09-01 00:00:00
nvd
nvd
CVE-2014-4725
2014-07-27 18:55:05
prion
prion
Authentication flaw
2014-07-27 18:55:00
nessus
nessus
MailPoet Newsletters for WordPress Arbitrary File Upload
2014-07-16 00:00:00
cve
cve
CVE-2014-4725
2014-07-27 18:55:05