There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
CPE | Name | Operator | Version |
---|---|---|---|
email_subscribers_\\&_newsletters | lt | 4.3.1 |