RSS   Vulnerabilities for 'Newsletter'   RSS

2019-08-15
 
CVE-2019-14788

CWE-22
 

 
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.

 

 >>> Vendor: Tribulant 5 Products
Tibulant slideshow gallery
Slideshow gallery
Newsletters
Newsletter
One click ssl


Copyright 2022, cxsecurity.com

 

Back to Top