|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-04-28 | |
| Rule Name: | WordPress Email Subscribers And Newsletters 4.2.3 Arbitrary File Retrieval Vulnerability (CVE-2019-19985) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. | |
| Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | http://packetstormsecurity.com/files/158563/WordPress-Email-Subscribers-And-Newsletters-4.2.2-File-Disclosure.html https://wpvulndb.com/vulnerabilities/9946 https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/ |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://wordpress.org/plugins/email-subscribers/ |