ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin <= 6.0.7 - Unauthenticated CSV Injection vulnerability

Product
Hustle
Description
Unauthenticated CSV Injection vulnerability found by Mark Parfeniuk in WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin (versions <= 6.0.7).
Solution
Update the WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin to the latest available version (at least 6.0.8.1).
Classification
Type Unknown
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-2019-11872
Versions
Affected In <= 6.0.7
Fixed In 6.0.8.1
Disclosure date
2019-06-11
Credits
Mark Parfeniuk
Submitter
ThreatPress