ThreatPress

WordPress Vulnerabilities Database

Back

WordPress MailPoet (Wysija NewsLetters) plugin - Unauthenticated File Upload

Product
Simple Share Buttons Adder
Description
MailPoet (Wysija NewsLetters) plugin is prone to an unauthenticated file upload vulnerability. The plugin uses the "admin_init" hook that is executed for unauthenticated users when accessing a specific URL.
Solution
Upgrade the plugin.
Classification
Type Remote File Inclusion
References
Exploit-DB
CVE
Name CVE-2014-4725
Versions
Affected In <= 2.6.7
Fixed In 2.6.8
Disclosure date
2014-07-07
Credits
metasploit