WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload

Description

The WordPress plugin "MailPoet Newsletters" (wysija-newsletters) before version 2.6.8 is vulnerable to an unauthenticated file upload. An attacker can use the Upload Theme functionality to upload a zip file containing a PHP shell.

Remediation

Upgrade to the latest version of MailPoet Newsletters (this issue was fixed in version 2.6.8).

References

MailPoet Newsletters Changelog

Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)

WordPress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload

Related Vulnerabilities

WordPress Plugin Webapp builder (Free mobile apps native iPhone iOS & Android Winphone mobile apps) Arbitrary File Upload (2.0)

WordPress Plugin Membership For WooCommerce-Add Simple Membership Plans, Recurring Revenue, Product Tags & Send Emails To Members with WooCommerce Membership Arbitrary File Upload (2.1.6)

WordPress Plugin Woocommerce Product Designer Arbitrary File Upload (3.0.3)

Oracle E-Business Suite Frame Injection (CVE-2017-3528)

Apache Tomcat JK connector security bypass

Severity

High

Classification

CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N