WordPress Mailing List Plugin - Arbitrary File Download Vulnerability
Mailing List plugin is prone to an arbitrary file download vulnerability that allows an attacker to break into your system. Vulnerable script includes config.php file, which connects to database with supplied credentials. The bug is in config.php, but it is accessible from the other file.
Update the plugin.
Type Unknown OWASP Top 10 A2: Broken Authentication and Session Management