CVE-2019-19985
Published 2019-12-26
Priority: P2 · 75 · medium · CVSS 3.1 base score 5.3
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Flags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 71.40% (99.3rd percentile)
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| icegram | email_subscribers_newsletters | < 4.2.3 | 4.2.3 |
Detection & IOCs (extracted from sources)
Sigma
GET /wp-admin/admin.php?page=download_report&report=users&status=all (unauthenticated, HTTP 200, Content-Disposition: attachment; filename=all-contacts.csv)
- Detect unauthenticated GET requests to /wp-admin/admin.php with the query parameters page=download_report&report=users&status=all; no authentication cookie is required for exploitation.
- Alert on HTTP responses carrying the header 'Content-Disposition: attachment; filename=all-contacts.csv;' from a WordPress admin endpoint; this indicates successful user data exfiltration.
- Confirm exploitation by checking the response body for the combination of fields Name, Email, Status, Created On; these are the CSV column headers of the exfiltrated contacts file.
- Use the Google Dork to identify exposed vulnerable instances: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt
- The vulnerability affects Email Subscribers & Newsletters versions up to and including 4.2.2; version 4.2.3 is the patched release.
- The exploit requires no authentication; the vulnerable endpoint is reachable without any WordPress session or admin credentials, making it trivially exploitable remotely.
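The detection points above can be turned into a small log triage routine. This is an added example, not part of the original page or any of the cited sources; it assumes a reverse-proxy or WAF export with one JSON object per line carrying the request URL, the Cookie header, the response status and the response headers (a constructed format; rename the fields to match your own log source). It separates confirmed downloads of all-contacts.csv from blocked or failed attempts.

```python
"""Triage helper for CVE-2019-19985 report-download requests (added example)."""
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """
{"src":"203.0.113.5","method":"GET","url":"/wp-admin/admin.php?page=download_report&report=users&status=all","cookies":"","status":200,"resp_headers":{"Content-Disposition":"attachment; filename=all-contacts.csv;"}}
{"src":"198.51.100.9","method":"GET","url":"/wp-admin/admin.php?page=download_report&report=users&status=all","cookies":"wordpress_logged_in_abc=admin%7C...","status":200,"resp_headers":{"Content-Disposition":"attachment; filename=all-contacts.csv;"}}
{"src":"203.0.113.7","method":"GET","url":"/wp-admin/admin.php?page=es_dashboard","cookies":"","status":302,"resp_headers":{}}
{"src":"203.0.113.8","method":"GET","url":"/wp-admin/admin.php?page=download_report&report=users","cookies":"","status":403,"resp_headers":{}}
"""


def classify(rec):
    """Return 'exfiltration', 'attempt' or None for one parsed log record."""
    parts = urlsplit(rec.get("url", ""))
    if not parts.path.endswith("/wp-admin/admin.php"):
        return None
    q = parse_qs(parts.query)
    # The report download is keyed on page=download_report&report=users;
    # status=all is the variant seen in the wild but is not required here.
    if q.get("page") != ["download_report"] or q.get("report") != ["users"]:
        return None
    # WordPress sets a wordpress_logged_in_<hash> cookie for logged-in users;
    # a report download without one matches the unauthenticated access pattern.
    if "wordpress_logged_in_" in rec.get("cookies", ""):
        return None
    cd = rec.get("resp_headers", {}).get("Content-Disposition", "").lower()
    if rec.get("status") == 200 and "all-contacts.csv" in cd:
        return "exfiltration"  # the CSV was actually served
    return "attempt"  # request matched, but no attachment came back


def scan(log_text):
    """Return [(source_ip, verdict), ...] for every matching line of a JSON-lines log."""
    hits = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        verdict = classify(rec)
        if verdict:
            hits.append((rec.get("src"), verdict))
    return hits


if __name__ == "__main__":
    for src, verdict in scan(SAMPLE_LOG):
        print(f"{src}: {verdict}")
```

An "exfiltration" hit should be treated as a confirmed disclosure of the subscriber list, while an "attempt" is worth correlating with the plugin version on the host (patched is 4.2.3 or later).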
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | 3.0 | 5.8 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | | 5.3 | MEDIUM | |
GHSA
GHSA-862m-v43m-wwr6: The WordPress plugin, Email Subscribers & Newsletters, before 4
ghsa_unreviewed · 2022-05-24 · CVE-2019-19985 [MEDIUM] · CWE-200
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
VulnCheck
icegram email_subscribers_&_newsletters Missing Authorization
vulncheck · 2019 · CVE-2019-19985 [MEDIUM] · CVSS 5.3
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
Affected: icegram email_subscribers_&_newsletters
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/email-subscribers/email-subscribers-newsletters-422-unauthenticated-file-download-w-information-disclosure
No detection rules found.
Exploit-DB
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
exploitdb · 2020-07-26 · CVE-2019-19985 [MEDIUM] · CVSS 5.3
---
# Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
# Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt
# Date: 2020-07-20
# Exploit Author: KBA@SOGETI_ESEC
# Vendor Homepage: https://www.icegram.com/email-subscribers/
# Software Link: https://pluginarchive.com/wordpress/email-subscribers/v/4-2-2
# Version: <= 4.2.2
# Tested on: Email Subscribers & Newsletters 4.2.2
# CVE : CVE-2019-19985
Nuclei
WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval
nuclei · CVE-2019-19985 [MEDIUM] · CVSS 5.3
WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
Template:
id: CVE-2019-19985
info:
  name: WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval
  author: KBA@SOGETI_ESEC,madrobot,dwisiswant0
  severity: medium
  description: WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive
  reference:
    - http://packetstormsecurity.com/files/158563/WordPress-Email-Subscribers-And-Newsletters-4.2.2-File-Disclosure.html
    - https://wpvulndb.com/vulnerabilities/9946
    - https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/