Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
No PoCs from references.
- https://github.com/20142995/nuclei-templates
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/Pwdnx1337/CVE-2014-4725
- https://github.com/Pwdnx1337/MASS-CVE-2014-4725
- https://github.com/pwdnx337/CVE-2014-4725