Lucene search
WpvulndbWPVDB-ID:C1147745-9E0E-454D-8F7C-179D818B3596HistoryJul 01, 2019 - 12:00 a.m.
Newsletter Lite < 4.6.19 - Multiple Issues
2019-07-0100:00:00
wpscan.com
3
0.003 Low
EPSS
Percentile
66.2%
- Lack of CSRF, Authorisation and sanitisation checks in the ajax_load_new_editor() function, registered as an AJAX method, can lead to an authenticated reflected XSS issue. - Authenticated Directory Traversal leading to RCE
PoC
XSS: As an authenticated user (with a role as low as a Subscriber), open https:///wp-admin/admin-ajax.php?action=newsletters_load_new_editor&contentarea;="> RCE: Save the below code in an HTML file, then open it when logged in (with a role as low as Subscriber). Then, the PHP file will be at https:///wp-content/uploads/nl_rce.php
| CPE | Name | Operator | Version |
|---|---|---|---|
| newsletters-lite | lt | 4.6.19 |
Related
wpexploit
wpexploit
Newsletter Lite < 4.6.19 - Multiple Issues
2019-07-01 00:00:00
prion
prion
Directory traversal
2019-08-15 16:15:00
Design/Logic Flaw
2019-08-09 13:15:00
nvd
nvd
CVE-2019-14788
2019-08-15 16:15:12
CVE-2019-14787
2019-08-09 13:15:12
cvelist
cvelist
CVE-2019-14787
2019-08-09 12:21:59
CVE-2019-14788
2019-08-15 15:45:22
cve
cve
CVE-2019-14787
2019-08-09 13:15:12
CVE-2019-14788
2019-08-15 16:15:12