3 matches found
CVE-2020-36727
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for...
CVE-2020-36727
The CVE-2020-36727 entry describes an insecure deserialization flaw in the Newsletter Manager WordPress plugin (versions up to 1.5.1) caused by unsanitized input via the customFieldsDetails parameter, enabling unauthenticated attackers to inject a serialized PHP object. Documented impact indicate...
CVE-2020-36727 Newsletter Manager <= 1.5.1 - Insecure Deserialization
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for...