Remote Code Execution Vulnerability in MailPoet Newsletters Plugin for WordPress
CVE-2014-4725
Currently unrated
What is CVE-2014-4725?
The MailPoet Newsletters plugin for WordPress prior to version 2.6.7 is susceptible to a remote code execution vulnerability. The issue arises from improper authentication in functionality reachable through wp-admin/admin-post.php, which allows attackers to upload malicious files disguised as themes. An attacker can then execute arbitrary PHP code by accessing the crafted theme file in the wp-content/uploads/wysija/themes/mailp/ directory. This poses a significant risk, because unauthorized users can compromise the integrity of the WordPress site.
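For defenders, the two paths named above give a simple log signature. The following is an added example, not code from MailPoet or from this advisory: it scans web access logs for POSTs to the upload endpoint and for PHP files requested from the theme upload directory, and correlates the two per client. It assumes Apache/nginx combined log format; the sample lines, the file name `example.php` and the level names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths taken from the advisory text; everything else here is an assumption.
UPLOAD_ENDPOINT = "/wp-admin/admin-post.php"
THEME_DIR = "/wp-content/uploads/wysija/themes/"
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Apache/nginx "combined" format: ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample log lines (documentation IP ranges, hypothetical file names).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/uploads/wysija/themes/mailp/example.php HTTP/1.1" 200 15
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-content/uploads/wysija/themes/default/style.css HTTP/1.1" 200 900
198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 200 0
192.0.2.33 - - [01/Jan/2024:10:03:00 +0000] "GET /wp-content/uploads/wysija/themes/x/a.PHP?c=1 HTTP/1.1" 404 0
"""


def classify(line):
    """Return (ip, kind, status) for a line worth reviewing, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = unquote(urlsplit(m["target"]).path)  # drop query string, decode %xx
    if path.startswith(THEME_DIR) and PHP_EXT.search(path):
        return m["ip"], "theme_php", int(m["status"])
    if m["method"] == "POST" and path == UPLOAD_ENDPOINT:
        return m["ip"], "admin_post", int(m["status"])
    return None


def scan(lines):
    """Map each client IP to its highest level; levels are this example's own names."""
    posted, report = set(), {}
    rank = ["review", "probe", "executed", "upload+executed"]
    for ip, kind, status in filter(None, map(classify, lines)):
        if kind == "admin_post":
            posted.add(ip)          # legitimate admins also POST here, so only "review"
            level = "review"
        elif status != 200:
            level = "probe"         # PHP requested in the theme dir but not served
        else:
            level = "upload+executed" if ip in posted else "executed"
        if rank.index(level) >= rank.index(report.get(ip, "review")):
            report[ip] = level
    return report
```

Call `scan()` on the lines of an access log; any `executed` or `upload+executed` result warrants checking the theme directory on disk for PHP files and confirming the plugin is at 2.6.7 or later.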