CVE-2018-6015
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data.Enginsight
Vendor | Product | Version |
---|---|---|
icegram | email_subscribers_\&_newsletters | 𝑥 < 3.4.8 |
Common Weakness Enumeration