CVE-2019-19982 β€” Improper Authentication in Email Subscribers Newsletters

CWE-287 β€” Improper Authentication3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 40.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Icegram Email Subscribers Newsletters
Timeline
PublishedDec 26
Latest updateMay 24

Description

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-rf99-rhf6-h4fp: The WordPress plugin, Email Subscribers & Newsletters, before 4β†—2022-05-24
β–Ά
CVEList
CVE-2019-19982: The WordPress plugin, Email Subscribers & Newsletters, before 4β†—2019-12-26
β–Ά
CVE-2019-19982 β€” Improper Authentication | cvebase