CVE-2019-20361

This exploit demonstrates an unauthenticated blind SQL injection vulnerability in WordPress Plugin Email Subscribers & Newsletters versions < 4.3.3. It includes a tamper script for SQLMap to automate exploitation and provides options for testing vulnerability, dumping database tables, and extracting specific data.

This repository contains a functional exploit for CVE-2019-20361, a blind SQL injection vulnerability in the WordPress plugin Email Subscribers & Newsletters before version 4.3.1. The exploit uses a bash script to automate SQL injection attacks via the 'hash' parameter, leveraging sqlmap for advanced exploitation.

This Metasploit module exploits an unauthenticated time-based SQL injection vulnerability in the WordPress Email Subscribers & Newsletters plugin (versions before 4.3.1). It targets the 'hash' parameter to dump user credentials from the 'wp_users' table.