WordPress Newsletter Manager plugin <= 1.5.1 - Unauthenticated Insecure Deserialisation vulnerability

Back

Product: Newsletter Manager
Description: Unauthenticated Insecure Deserialisation vulnerability found by Jerome Bruander (NinTechNet) in WordPress Newsletter Manager plugin (versions <= 1.5.1).
Solution: 2020-12-31 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of October 28, 2020 and is not available for download. Reason: Security Issue."
Classification: Type Unknown
References: Vulnerability details
Plugin changelog
CVE: Name CVE-N/A
Versions: Affected In <= 1.5.1
Fixed In 1.5.2
Disclosure date: 2020-12-29
Credits: Jerome Bruandet (NinTechNet)

ThreatPress