- Unauthenticated File Download leading to Information Disclosure - Blind SQL Injection in INSERT statement - Insecure Permissions on Dashboard and Settings - CSRF on Settings - Send Test Emails from the Administrative Dashboard as an Authenticated User (with a role of Subscriber and above) - Unauthenticated Option Creation
CPE | Name | Operator | Version |
---|---|---|---|
email-subscribers | lt | 4.2.3 |