ThreatPress

WordPress Vulnerabilities Database

WordPress Newsletter Plugin 1.5 - Remote File Disclosure

Product
NewsLetter
Description
The WordPress Newsletter plugin is prone to a remote file disclosure vulnerability. It allows an attacker to compromise encrypted login credentials or retrieve the device's administrator password, allowing them to directly access the device's configuration control panel.
Solution
Update the plugin.
Classification
Type BYPASS
OWASP Top 10 A7: Missing Function Level Access Control
References
Exploit-DB
CVE
Name CVE-2012-3588
Versions
Affected In <= 1.5
Fixed In 1.6
Disclosure date
2012-06-08
Credits
Sammy FORGIT