Description
WordPress Plugin MailPoet Newsletters (Previous) is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently subscribe arbitrary users without their specific consent. WordPress Plugin MailPoet Newsletters (Previous) version 2.8.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.8.2 or latest
References
https://eredasecurity.wordpress.com/2018/03/17/mailpoet-spamming-vulnerability/
https://plugins.svn.wordpress.org/wysija-newsletters/trunk/readme.txt
Related Vulnerabilities
Microsoft SQL Server CVE-2023-32028 Vulnerability (CVE-2023-32028)
Plone CMS Resource Management Errors Vulnerability (CVE-2013-4188)
WordPress Plugin WP Construction Mode Cross-Site Request Forgery (1.91)
Zope Web Application Server Other Vulnerability (CVE-2012-5486)
PHP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2023-3823)