Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-19985: Missing Authorization in Email Subscribers Newsletters

Severity: 5.3 MEDIUM (NVD)
EPSS: 79.6% (top 0.91%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 26, latest update May 24

Description

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages: 1 package

🔴 Vulnerability Details (3)

GHSA: GHSA-862m-v43m-wwr6: The WordPress plugin, Email Subscribers & Newsletters, before 4… (2022-05-24)
CVEList: CVE-2019-19985: The WordPress plugin, Email Subscribers & Newsletters, before 4… (2019-12-26)
VulnCheck: icegram email_subscribers_&_newsletters Missing Authorization (2019)

💥 Exploits & PoCs (2)

Exploit-DB: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download (2020-07-26)
Nuclei: WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval