ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Email Subscribers Plugin <= 2.9 - Multiple Vulnerabilities

Product
Email Subscribers & Newsletters
Description
This plugin is prone to a cross site scripting and SQL injection vulnerabilities. Because of them, attackers can inject arbitrary HTML or JS code or execute arbitrary SQL commands.
Solution
Update the plugin.
Classification
Type Multi
References
Cinu
CVE
Name CVE-N/A
Versions
Affected In <= 2.9
Fixed In 2.9.1
Disclosure date
2015-08-10
Credits
Marcin Probola
Submitter
ThreatPress