Description
WordPress Plugin MailPoet Newsletters (Previous) is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently subscribe arbitrary users without their specific consent. WordPress Plugin MailPoet Newsletters (Previous) version 2.8.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.8.2 or latest
References
https://eredasecurity.wordpress.com/2018/03/17/mailpoet-spamming-vulnerability/
https://plugins.svn.wordpress.org/wysija-newsletters/trunk/readme.txt
Related Vulnerabilities
PHP-Fusion Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1807)
WordPress Plugin Email Queue by BestWebSoft Cross-Site Request Forgery (1.0.0)
WordPress Plugin Easy Event calendar Cross-Site Scripting (1.0)
WordPress Plugin MasterStudy LMS-for Online Courses and Education Information Disclosure (3.2.10)