Description
WordPress Plugin Mailing List is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Mailing List version 1.4.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4.2 or latest
References
Related Vulnerabilities
WordPress Plugin Synchi Arbitrary File Deletion (5.1)
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.1.5)
WordPress Plugin Duplicate Page and Post Spam Injection (2.1.1)
WordPress Plugin WordPress Custom Global Variable Unspecified Vulnerability (3.0.0)
WordPress Plugin Dexs PM System Cross-Site Scripting (1.0.1)