Lucene search
K

104 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/08/26 4:33 a.m.6 views

MailPoet Newsletters vulnerable to cross-site request forgery

Overview MailPoet Newsletters is a plugin for WordPress. MailPoet Newsletters contains a cross-site request forgery vulnerability. Yoshinori Matsumoto reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a use...

6.8CVSS6.5AI score0.0107EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/08/26 12:0 a.m.25 views

JVN#94409737: MailPoet Newsletters vulnerable to cross-site request forgery

MailPoet Newsletters is a plugin for WordPress. MailPoet Newsletters contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the...

6.8CVSS6.2AI score0.0107EPSS
Exploits0
myhack58
myhack58
added 2014/08/17 12:0 a.m.18 views

WordPress plug-in MailPoet memory vulnerabilities or cause the website to be black-and-vulnerability warning-the black bar safety net

7 in early May, according to security company Sucuri research report, downloaded over 1 7 0 million WordPress plug-in MailPoet was traced to the presence of security risks, may result in the site more likely to be a hacker hijacked, according to its indicates, is black the website is still growin...

0.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2014/08/11 12:0 a.m.17 views

WordPress MailPoet Newsletters Unauthenticated File Upload (CVE-2014-4725)

An arbitrary file upload vulnerability exists in the WordPress plug-in MailPoet Newsletters. The vulnerability is due to lack of access control validation. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted request to the server...

7.5CVSS4.8AI score0.59682EPSS
Exploits2
OpenVAS
OpenVAS
added 2014/07/28 12:0 a.m.56 views

WordPress MailPoet Newsletters Plugin Remote File Upload Vulnerability

WordPress MailPoet Plugin is prone to remote file upload vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.7AI score0.59682EPSS
Exploits2References4
NVD
NVD
added 2014/07/27 6:55 p.m.17 views

CVE-2014-4726

Unspecified vulnerability in the MailPoet Newsletters wysija-newsletters plugin before 2.6.8 for WordPress has unspecified impact and attack vectors...

7.5CVSS6.7AI score0.01712EPSS
Exploits0References2
NVD
NVD
added 2014/07/27 6:55 p.m.16 views

CVE-2014-4725

The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...

7.5CVSS7.7AI score0.59682EPSS
Exploits2References6
Prion
Prion
added 2014/07/27 6:55 p.m.12 views

Authentication flaw

The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...

7.5CVSS8.3AI score0.59682EPSS
Exploits2References6Affected Software1
Prion
Prion
added 2014/07/27 6:55 p.m.9 views

Design/Logic Flaw

Unspecified vulnerability in the MailPoet Newsletters wysija-newsletters plugin before 2.6.8 for WordPress has unspecified impact and attack vectors...

7.5CVSS7.2AI score0.01712EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/07/27 6:0 p.m.35 views

CVE-2014-4726

CVE-2014-4726 concerns the WordPress MailPoet Newsletters (wysija-newsletters) plugin, affected through versions prior to 2.6.8. The available connected documents confirm an unspecified vulnerability in this plugin with undefined impact and attack vectors; no concrete exploitation details are pro...

7.5CVSS6.9AI score0.01712EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/07/27 6:0 p.m.141 views

CVE-2014-4725

CVE-2014-4725 affects the WordPress plugin MailPoet Newsletters (wysija-newsletters) prior to version 2.6.7. The root cause is a lack of access control that permits unauthenticated remote file uploads via wp-admin/admin-post.php, allowing an attacker to upload a crafted theme to wp-content/upload...

7.5CVSS7.9AI score0.59682EPSS
Exploits2References6Affected Software1
Cvelist
Cvelist
added 2014/07/27 6:0 p.m.24 views

CVE-2014-4726

Unspecified vulnerability in the MailPoet Newsletters wysija-newsletters plugin before 2.6.8 for WordPress has unspecified impact and attack vectors...

6.7AI score0.01712EPSS
Exploits0References2
Cvelist
Cvelist
added 2014/07/27 6:0 p.m.31 views

CVE-2014-4725

The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...

7.7AI score0.59682EPSS
Exploits2References6
The Hacker News
The Hacker News
added 2014/07/23 9:50 p.m.11 views

50,000 Websites Hacked Through MailPoet WordPress Plugin Vulnerability

The users of WordPress, a free and open source blogging tool as well as content management system CMS, that have a popular unpatched wordPress plugin installed are being cautioned to upgrade their sites immediately. A serious vulnerability in the WordPress plugin, MailPoet, could essentially allo...

7.8AI score
Exploits0
myhack58
myhack58
added 2014/07/23 12:0 a.m.19 views

WordPress plugin broke vulnerability 1 7 0 million website fear affected-vulnerability warning-the black bar safety net

Recently, security research firm Sucuri said, one of the popular Wordpress plugin MailPoet is suspected there may be vulnerabilities that can allow hackers made the site fully control. MailPoet is a Wordpress flow line for the production and management of promotional emails plugin, downloaded ove...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/08 12:0 a.m.26 views

Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::HTTP::Wordpress include...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2014/07/08 12:0 a.m.12 views

WordPress MailPoet Newsletters Plugin <= 2.6.7 - Unspecified vulnerability

Because of this vulnerability, this plugin has unspecified impact and attack vectors. Solution Update the plugin...

7.5CVSS6AI score0.01712EPSS
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2014/07/07 12:0 a.m.50 views

WordPress Plugin MailPoet Newsletters 2.6.8 - &#039;wysija-newsletters&#039; Arbitrary File Upload (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress MailPoet wysija-newsletters Unauthenticated File Upload', 'Description' = %q The Wordpress plugin "MailPoet Newsletters"...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2014/07/07 12:0 a.m.23 views

WordPress MailPoet (Wysija NewsLetters) plugin - Unauthenticated File Upload

MailPoet Wysija NewsLetters plugin is prone to an unauthenticated file upload vulnerability. The plugin uses the "admininit" hook that is executed for unauthenticated users when accessing a specific URL. Solution Upgrade the plugin...

7.5CVSS3.2AI score0.59682EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2014/07/06 12:0 a.m.21 views

Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress MailPoet wysija-newsletters Unauthenticated File Upload', 'Description' = %q The Wordpress plugin "MailPoet Newsletters"...

0.1AI score
Exploits0
Rows per page
Query Builder