Description

The WordPress plugin "MailPoet Newsletters" (wysija-newsletters) before version 2.6.8 is vulnerable to an unauthenticated file upload. An attacker can use the Upload Theme functionality to upload a zip file containing a PHP shell.

Remediation

Upgrade to the latest version of MailPoet Newsletters (this issue was fixed in version 2.6.8).

References

MailPoet Newsletters Changelog

Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)

WordPress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload

Related Vulnerabilities

File tampering

HTML Attribute Injection

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Multiple Vulnerabilities (1.3.88)

WordPress Plugin Clipboard Images Arbitrary File Upload (0.3)

WordPress Plugin MediaRSS external gallery TimThumb Arbitrary File Upload (0.1)

Severity

High

Classification

CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Unauthenticated File Upload