CVE-2019-19982
MEDIUM
Email Subscribers & Newsletters < 4.2.3 - Unauthenticated Arbitrary Option Creation via admin-post.php
Title source: llm
Description
The WordPress plugin Email Subscribers & Newsletters before 4.2.3 had a flaw that allowed unauthenticated option creation. To exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= request.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9946
Exploit, Third Party Advisory x_refsource_misc
https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/
Scores
CVSS v3
5.3
EPSS
0.0125
EPSS Percentile
65.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-287
Status
published
Products (1)
icegram/email_subscribers_\&_newsletters
< 4.2.3
Published
Dec 26, 2019
Tracked Since
Feb 18, 2026