2 matches found
CVE-2019-19980
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users Subscriber or greater access to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wpajax...
CVE-2019-19980
The CVE-2019-19980 entry concerns the WordPress plugin Email Subscribers & Newsletters prior to version 4.2.3. Root cause: the plugin registers a wp_ajax send_test_email function, enabling a privilege-bypass that lets authenticated users (Subscriber and higher) send test emails from the admin das...