Published: 08/01/2020 Updated: 31/01/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters prior to 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).

Vulnerable Product	Search on Vulmon	Subscribe to Product
icegram email subscribers \\& newsletters

WordPress Email Subscribers and Newsletters plugin version 422 suffers from a remote SQL injection vulnerability ...

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).

CVE-2019-20361-EXPLOIT There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 431, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability) This script is a "sanized-version" of original script avalible on exploit-dbcom created by @KBA@SOGETI_ESEC ,the original version wa

CWE-89 https://wpvulndb.com/vulnerabilities/9947 https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/http://packetstormsecurity.com/files/158568/WordPress-Email-Subscribers-And-Newsletters-4.2.2-SQL-Injection.html https://nvd.nist.gov https://github.com/jerrylewis9/CVE-2019-20361-EXPLOIT https://packetstormsecurity.com/files/158568/WordPress-Email-Subscribers-And-Newsletters-4.2.2-SQL-Injection.html

CVE-2019-20361

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect