104 matches found
MailPoet Newsletters vulnerable to cross-site request forgery
Overview MailPoet Newsletters is a plugin for WordPress. MailPoet Newsletters contains a cross-site request forgery vulnerability. Yoshinori Matsumoto reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a use...
JVN#94409737: MailPoet Newsletters vulnerable to cross-site request forgery
MailPoet Newsletters is a plugin for WordPress. MailPoet Newsletters contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the...
WordPress plug-in MailPoet memory vulnerabilities or cause the website to be black-and-vulnerability warning-the black bar safety net
7 in early May, according to security company Sucuri research report, downloaded over 1 7 0 million WordPress plug-in MailPoet was traced to the presence of security risks, may result in the site more likely to be a hacker hijacked, according to its indicates, is black the website is still growin...
WordPress MailPoet Newsletters Unauthenticated File Upload (CVE-2014-4725)
An arbitrary file upload vulnerability exists in the WordPress plug-in MailPoet Newsletters. The vulnerability is due to lack of access control validation. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted request to the server...
WordPress MailPoet Newsletters Plugin Remote File Upload Vulnerability
WordPress MailPoet Plugin is prone to remote file upload vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2014-4726
Unspecified vulnerability in the MailPoet Newsletters wysija-newsletters plugin before 2.6.8 for WordPress has unspecified impact and attack vectors...
CVE-2014-4725
The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...
Authentication flaw
The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...
Design/Logic Flaw
Unspecified vulnerability in the MailPoet Newsletters wysija-newsletters plugin before 2.6.8 for WordPress has unspecified impact and attack vectors...
CVE-2014-4726
CVE-2014-4726 concerns the WordPress MailPoet Newsletters (wysija-newsletters) plugin, affected through versions prior to 2.6.8. The available connected documents confirm an unspecified vulnerability in this plugin with undefined impact and attack vectors; no concrete exploitation details are pro...
CVE-2014-4725
CVE-2014-4725 affects the WordPress plugin MailPoet Newsletters (wysija-newsletters) prior to version 2.6.7. The root cause is a lack of access control that permits unauthenticated remote file uploads via wp-admin/admin-post.php, allowing an attacker to upload a crafted theme to wp-content/upload...
CVE-2014-4726
Unspecified vulnerability in the MailPoet Newsletters wysija-newsletters plugin before 2.6.8 for WordPress has unspecified impact and attack vectors...
CVE-2014-4725
The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...
50,000 Websites Hacked Through MailPoet WordPress Plugin Vulnerability
The users of WordPress, a free and open source blogging tool as well as content management system CMS, that have a popular unpatched wordPress plugin installed are being cautioned to upgrade their sites immediately. A serious vulnerability in the WordPress plugin, MailPoet, could essentially allo...
WordPress plugin broke vulnerability 1 7 0 million website fear affected-vulnerability warning-the black bar safety net
Recently, security research firm Sucuri said, one of the popular Wordpress plugin MailPoet is suspected there may be vulnerabilities that can allow hackers made the site fully control. MailPoet is a Wordpress flow line for the production and management of promotional emails plugin, downloaded ove...
Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::HTTP::Wordpress include...
WordPress MailPoet Newsletters Plugin <= 2.6.7 - Unspecified vulnerability
Because of this vulnerability, this plugin has unspecified impact and attack vectors. Solution Update the plugin...
WordPress Plugin MailPoet Newsletters 2.6.8 - 'wysija-newsletters' Arbitrary File Upload (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress MailPoet wysija-newsletters Unauthenticated File Upload', 'Description' = %q The Wordpress plugin "MailPoet Newsletters"...
WordPress MailPoet (Wysija NewsLetters) plugin - Unauthenticated File Upload
MailPoet Wysija NewsLetters plugin is prone to an unauthenticated file upload vulnerability. The plugin uses the "admininit" hook that is executed for unauthenticated users when accessing a specific URL. Solution Upgrade the plugin...
Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress MailPoet wysija-newsletters Unauthenticated File Upload', 'Description' = %q The Wordpress plugin "MailPoet Newsletters"...