CVE-2014-4725

Currently unrated

Key Information:

Vendor: Wordpress
Status: Mailpoet Newsletters
Vendor: CVE Published:; 27 July 2014

Summary

The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

References

https://wordpress.org/plugins/wysija-newsletters/changelog/

x_refsource_CONFIRM

http://blog.sucuri.net/2014/07/remote-file-upload-vulnera...

x_refsource_MISC

http://blog.sucuri.net/2014/07/malware-infection-breaking...

x_refsource_MISC

EPSS Score

22% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 27, 2014
Vulnerability Reserved
Jul 8, 2014