QwikSec

Security Database

CVE

CWE

Training

CVE-2019-14788

Published: Aug 15, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wpvulndb.com/vulnerabilities/9447

x_refsource_MISC

https://wordpress.org/plugins/newsletters-lite/#developers

x_refsource_MISC

https://www.pluginvulnerabilities.com/2019/07/02/there-is-also-an-authenticated-remote-code-execution-rce-vulnerability-in-newsletters/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.