← back
CVE-2019-19985

CVE-2019-19985

CVSS 5.8 MEDIUMEPSS 71.4%
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:C/UI:N
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/158563/WordPress-Email-Subscribers-And-Newsletters-4.2.2-File-Disclosure.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48698unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/158563/WordPress-Email-Subscribers-And-Newsletters-4.2.2-File-Disclosure.htmlhttps://wpvulndb.com/vulnerabilities/9946https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/