Description
WordPress Plugin Plugin:Newsletter is prone to an information disclosure vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Plugin:Newsletter version 1.5 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
http://www.securityfocus.com/bid/53900/exploit
http://www.exploit-db.com/exploits/19018/
http://1337day.com/exploits/18489
http://packetstormsecurity.com/files/113413/WordPress-Newsletter-1.5-File-Disclosure.html
Related Vulnerabilities
WordPress Plugin Comment Rating 'path' Parameter Cross-Site Scripting (2.9.20)
WordPress Plugin DP Maintenance Mode Lite Cross-Site Scripting (1.3.2)
WordPress Plugin Age Verify Cross-Site Scripting (0.2.8)
phpList Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-6178)
WordPress Plugin Download Manager Directory Traversal (3.2.54)