CVE-2019-19984
MEDIUMEmail Subscribers & Newsletters < 4.2.3 - Incorrect Authorization
Title source: llmDescription
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9946
Exploit, Third Party Advisory x_refsource_misc
https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/
Scores
CVSS v3
6.3
EPSS
0.0097
EPSS Percentile
57.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-863
Status
published
Products (1)
icegram/email_subscribers_\&_newsletters
< 4.2.3
Published
Dec 26, 2019
Tracked Since
Feb 18, 2026