2 matches found
WordPress MailPoet Newsletters Unauthenticated File Upload (CVE-2014-4725)
An arbitrary file upload vulnerability exists in the WordPress plug-in MailPoet Newsletters. The vulnerability is due to lack of access control validation. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted request to the server...
CVE-2014-4725
CVE-2014-4725 affects the WordPress plugin MailPoet Newsletters (wysija-newsletters) prior to version 2.6.7. The root cause is a lack of access control that permits unauthenticated remote file uploads via wp-admin/admin-post.php, allowing an attacker to upload a crafted theme to wp-content/upload...