WordPress MailPoet Newsletters Plugin Security Bypass Vulnerability

Number: IRCAD2014073403

Date: 2014/07/03

Criticality level: highly critical

Software:

WordPress MailPoet Newsletters (formerly Wysija Newsletters) Plugin 2.x

Description

Sucuri Research Team has discovered a vulnerability in the MailPoet Newsletters plugin for WordPress, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused by the plugin not properly restricting access to certain administrative functionality. This can be exploited to perform otherwise restricted actions and subsequently, for example, to upload and execute arbitrary PHP code.

The vulnerability is confirmed in version 2.6.6. Prior versions may also be affected.

Solution:

Update to 2.6.7.

Resources:

MailPoet Newsletters:

Sucuri Research Team:

Secunia:

http://secunia.com/advisories/59238/


Date created: 14 Tir 1393
