MailPoet (Wysija NewsLetters) plugin is prone to an unauthenticated file upload vulnerability. The plugin uses the “admin_init” hook that is executed for unauthenticated users when accessing a specific URL.
Upgrade the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
simple share buttons adder | le | 2.6.7 |