Description
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/33991
metasploit
WORKING POC
EXCELLENT
by Marc-Alexandre Montpas, Christian Mehlmauer · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb
References (6)
Core References
Patch x_refsource_confirm
https://wordpress.org/plugins/wysija-newsletters/changelog/
Various Sources x_refsource_misc
http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html
Various Sources x_refsource_misc
http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html
Various Sources x_refsource_misc
http://arstechnica.com/security/2014/07/mass-exploit-of-wordpress-plugin-backdoors-sites-running-joomla-magento-too/
Mailing List x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/07/08/7
Scores
EPSS: 0.8179
EPSS Percentile: 99.2%
Details
VulnCheck KEV: 2022-12-05
CWE: CWE-287
Status: published
Products (50)
mailpoet/mailpoet_newsletters: 0.9, 0.9.1, 0.9.2, 0.9.6, 1.0, 1.0.1, 1.1, 1.1.1, 1.1.2, 1.1.3
... and 40 more
Published: Jul 27, 2014
Tracked Since: Feb 18, 2026