Insecure Deserialization in Newsletter Manager Plugin for WordPress
CVE-2020-36727
9.8CRITICAL
What is CVE-2020-36727?
The Newsletter Manager plugin for WordPress is affected by a vulnerability that allows for insecure deserialization. This issue arises from unsanitized input being processed through a deserialization function, specifically from the 'customFieldsDetails' parameter. As a result, unauthenticated attackers may exploit this flaw to inject malicious serialized PHP objects, potentially compromising the integrity of WordPress sites that utilize this plugin.
Affected Version(s)
Newsletter Manager * <= 1.5.1