WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Email Subscribers & Newsletters Security Bypass (3.5.13)

Description

WordPress Plugin Email Subscribers & Newsletters is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently bypass the subscription form using fake email accounts. WordPress Plugin Email Subscribers & Newsletters version 3.5.13 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.5.14 or latest

References

https://wordpress.org/support/topic/russian-spam-is-back-again/

https://plugins.svn.wordpress.org/email-subscribers/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Fancy Gallery 'image-upload.php' Arbitrary File Upload (1.2.4)

WordPress Plugin Pressbooks Textbook Cross-Site Scripting (1.2.5)

WordPress Plugin CP Contact Form with PayPal Multiple Vulnerabilities (1.1.5)

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Request Forgery (2.8.6)

WordPress Plugin Easy PayPal Events Unspecified Vulnerability (1.1.6)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Authentication Bypass