Description
WordPress Plugin Plugin:Newsletter is prone to an information disclosure vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Plugin:Newsletter version 1.5 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
http://www.securityfocus.com/bid/53900/exploit
http://www.exploit-db.com/exploits/19018/
http://1337day.com/exploits/18489
http://packetstormsecurity.com/files/113413/WordPress-Newsletter-1.5-File-Disclosure.html
Related Vulnerabilities
Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1)
Oracle HTTP Server CVE-2013-6438 Vulnerability (CVE-2013-6438)
PleskLin Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4878)
MySQL CVE-2019-2922 Vulnerability (CVE-2019-2922)
WordPress Plugin Custom Field Suite Cross-Site Scripting (2.5.14)