The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote malicious users to modify list or campaign data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
smackcoders wp ultimate email marketer plugin 1.0.3 |
||
smackcoders wp ultimate email marketer plugin 1.0.2 |
||
smackcoders wp ultimate email marketer plugin 1.0.1 |
||
smackcoders wp ultimate email marketer plugin 1.0.0 |
||
smackcoders wp ultimate email marketer plugin |