PT-2024-38889 · WordPress · Newsletters
Name of the Vulnerable Software and Affected Versions: The Newsletters plugin for WordPress versions up to, and including, 4.9.9.2 Description: The issue arises because the plugin does not restrict what user meta can be updated as screen options, making it possible for authenticated attackers wit...