CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20853 – MailPoet Newsletters <= 2.8.1 - Spam Injection
https://notcve.org/view.php?id=CVE-2018-20853
An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks. Se descubrió un problema en el plugin MailPoet Newsletters (también se conoce como wysija-newsletters) versiones anteriores a la versión 2.8.2 para WordPress. El plugin es vulnerable a los ataques de SPAM. • https://wordpress.org/plugins/wysija-newsletters/#developers • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 73EXPL: 0CVE-2014-3907 – MailPoet Newsletters (Previous) <= 2.6.10 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-3907
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en el plugin MailPoet Newsletters (wysija-newsletters) anterior a 2.6.11 para WordPress permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://jvn.jp/en/jp/JVN94409737/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000101 http://wordpress.org/plugins/wysija-newsletters/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 28%CPEs: 69EXPL: 2CVE-2014-4725 – MailPoet Newsletters <= 2.6.6 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-4725
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/. El plugin MailPoet Newsletters (wysija-newsletters) anterior a 2.6.7 para WordPress permite a atacantes remotos evadir la autenticación y ejecutar código PHP arbitrario mediante la subida de un tema a través de wp-admin/admin-post.php y el acceso al tema en wp-content/uploads/wysija/themes/mailp/. • https://www.exploit-db.com/exploits/33991 http://arstechnica.com/security/2014/07/mass-exploit-of-wordpress-plugin-backdoors-sites-running-joomla-magento-too http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html http://www.openwall.com/lists/oss-security/2014/07/0 • CWE-287: Improper Authentication CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 70EXPL: 0CVE-2014-4726 – MailPoet Newsletters <= 2.6.7 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2014-4726
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors. Vulnerabilidad no especificada en el plugin MailPoet Newsletters (wysija-newsletters) anterior a 2.6.8 para WordPress tiene impacto y vectores de ataque no especificados. • http://www.openwall.com/lists/oss-security/2014/07/08/7 https://wordpress.org/plugins/wysija-newsletters/changelog • CWE-639: Authorization Bypass Through User-Controlled Key •