Page 4 of 16 results (0.004 seconds)
CVSS: 7.5EPSS: 69%CPEs: 1EXPL: 1
CVE-2018-6015 – Email Subscribers & Newsletters <= 3.4.7 - Unauthenticated Subscriber Download
https://notcve.org/view.php?id=CVE-2018-6015
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data. Se ha descubierto un problema en el plugin "Email Subscribers Newsletters" en versiones anteriores a la 3.4.8 para WordPress. El envío de una petición HTTP POST a una URI con /? • https://blog.threatpress.com/vulnerability-email-subscribers-plugin https://wordpress.org/plugins/email-subscribers/#developers https://www.exploit-db.com/exploits/43872 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •