ThreatPress

WordPress Vulnerability Database

Back

WordPress Newsletter Manager plugin <= 1.5.1 - Unauthenticated Insecure Deserialisation vulnerability

Product
Newsletter Manager
Description
Unauthenticated Insecure Deserialisation vulnerability found by Jerome Bruander (NinTechNet) in WordPress Newsletter Manager plugin (versions <= 1.5.1).
Solution
2020-12-31 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of October 28, 2020 and is not available for download. Reason: Security Issue."
Classification
Type Unknown
References
Vulnerability details
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 1.5.1
Fixed In 1.5.2
Disclosure date
2020-12-29
Credits
Jerome Bruandet (NinTechNet)