CVE-2014-4725

Published: 27/07/2014 | Updated: 28/07/2014
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The MailPoet Newsletters (wysija-newsletters) plugin prior to 2.6.7 for WordPress allows remote malicious users to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

Vulnerable Product

mailpoet mailpoet newsletters 2.6.4

mailpoet mailpoet newsletters 2.6.3

mailpoet mailpoet newsletters 2.6.2

mailpoet mailpoet newsletters 2.6.1

mailpoet mailpoet newsletters 2.5.1

mailpoet mailpoet newsletters 2.5

mailpoet mailpoet newsletters 2.4.4

mailpoet mailpoet newsletters 2.4.3

mailpoet mailpoet newsletters 2.2

mailpoet mailpoet newsletters 2.1.9

mailpoet mailpoet newsletters 2.1.8

mailpoet mailpoet newsletters 2.1.7

mailpoet mailpoet newsletters 2.1.6

mailpoet mailpoet newsletters 2.0.4

mailpoet mailpoet newsletters

mailpoet mailpoet newsletters 2.6

mailpoet mailpoet newsletters 2.5.9.3

mailpoet mailpoet newsletters 2.5.7

mailpoet mailpoet newsletters 2.5.4

mailpoet mailpoet newsletters 2.5.2

mailpoet mailpoet newsletters 2.4.2

mailpoet mailpoet newsletters 2.4

mailpoet mailpoet newsletters 2.2.3

mailpoet mailpoet newsletters 2.2.1

mailpoet mailpoet newsletters 2.1.4

mailpoet mailpoet newsletters 2.1.2

mailpoet mailpoet newsletters 2.0.8

mailpoet mailpoet newsletters 2.0.6

mailpoet mailpoet newsletters 1.1.5

mailpoet mailpoet newsletters 1.1.3

mailpoet mailpoet newsletters 0.9.2

mailpoet mailpoet newsletters 0.9

mailpoet mailpoet newsletters 2.0.3

mailpoet mailpoet newsletters 2.0.2

mailpoet mailpoet newsletters 2.0.1

mailpoet mailpoet newsletters 2.5.9.2

mailpoet mailpoet newsletters 2.5.9.1

mailpoet mailpoet newsletters 2.5.9

mailpoet mailpoet newsletters 2.5.8

mailpoet mailpoet newsletters 2.3.4

mailpoet mailpoet newsletters 2.3.3

mailpoet mailpoet newsletters 2.3.2

mailpoet mailpoet newsletters 2.3.1

mailpoet mailpoet newsletters 2.1.1

mailpoet mailpoet newsletters 2.1

mailpoet mailpoet newsletters 2.0.9.5

mailpoet mailpoet newsletters 2.0.9

mailpoet mailpoet newsletters 1.1.2

mailpoet mailpoet newsletters 1.1.1

mailpoet mailpoet newsletters 1.1

mailpoet mailpoet newsletters 1.0.1

mailpoet mailpoet newsletters 1.0

mailpoet mailpoet newsletters 2.6.5

mailpoet mailpoet newsletters 2.5.9.4

mailpoet mailpoet newsletters 2.5.5

mailpoet mailpoet newsletters 2.5.3

mailpoet mailpoet newsletters 2.4.1

mailpoet mailpoet newsletters 2.3.5

mailpoet mailpoet newsletters 2.3

mailpoet mailpoet newsletters 2.2.2

mailpoet mailpoet newsletters 2.1.5

mailpoet mailpoet newsletters 2.1.3

mailpoet mailpoet newsletters 2.0.7

mailpoet mailpoet newsletters 2.0.5

mailpoet mailpoet newsletters 2.0

mailpoet mailpoet newsletters 1.1.4

mailpoet mailpoet newsletters 0.9.6

mailpoet mailpoet newsletters 0.9.1

Exploits

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(info ...