CVE Vulnerabilities

CVE-2014-4725

Improper Authentication

Published: Jul 27, 2014 | Modified: Jul 28, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Mailpoet_newsletters Mailpoet 2.1.1 2.1.1
Mailpoet_newsletters Mailpoet 2.0.6 2.0.6
Mailpoet_newsletters Mailpoet 1.1.5 1.1.5
Mailpoet_newsletters Mailpoet 2.0 2.0
Mailpoet_newsletters Mailpoet 2.1.2 2.1.2
Mailpoet_newsletters Mailpoet 2.6.3 2.6.3
Mailpoet_newsletters Mailpoet 1.0.1 1.0.1
Mailpoet_newsletters Mailpoet 2.5.4 2.5.4
Mailpoet_newsletters Mailpoet 0.9.2 0.9.2
Mailpoet_newsletters Mailpoet 2.3.1 2.3.1
Mailpoet_newsletters Mailpoet 2.4.1 2.4.1
Mailpoet_newsletters Mailpoet 2.3.2 2.3.2
Mailpoet_newsletters Mailpoet 2.6 2.6
Mailpoet_newsletters Mailpoet 2.5.9.3 2.5.9.3
Mailpoet_newsletters Mailpoet 2.0.7 2.0.7
Mailpoet_newsletters Mailpoet 2.0.8 2.0.8
Mailpoet_newsletters Mailpoet 2.0.9 2.0.9
Mailpoet_newsletters Mailpoet 2.4.4 2.4.4
Mailpoet_newsletters Mailpoet 2.6.4 2.6.4
Mailpoet_newsletters Mailpoet 2.5.3 2.5.3
Mailpoet_newsletters Mailpoet 2.3.3 2.3.3
Mailpoet_newsletters Mailpoet 2.0.5 2.0.5
Mailpoet_newsletters Mailpoet * 2.6.6
Mailpoet_newsletters Mailpoet 2.0.1 2.0.1
Mailpoet_newsletters Mailpoet 2.2.1 2.2.1
Mailpoet_newsletters Mailpoet 2.0.2 2.0.2
Mailpoet_newsletters Mailpoet 1.0 1.0
Mailpoet_newsletters Mailpoet 0.9.1 0.9.1
Mailpoet_newsletters Mailpoet 2.1.3 2.1.3
Mailpoet_newsletters Mailpoet 2.5.9 2.5.9
Mailpoet_newsletters Mailpoet 2.5.9.4 2.5.9.4
Mailpoet_newsletters Mailpoet 2.5 2.5
Mailpoet_newsletters Mailpoet 2.1.5 2.1.5
Mailpoet_newsletters Mailpoet 2.6.5 2.6.5
Mailpoet_newsletters Mailpoet 1.1.4 1.1.4
Mailpoet_newsletters Mailpoet 2.2.3 2.2.3
Mailpoet_newsletters Mailpoet 2.5.8 2.5.8
Mailpoet_newsletters Mailpoet 1.1.2 1.1.2
Mailpoet_newsletters Mailpoet 2.6.1 2.6.1
Mailpoet_newsletters Mailpoet 2.3.4 2.3.4
Mailpoet_newsletters Mailpoet 2.1.8 2.1.8
Mailpoet_newsletters Mailpoet 2.3 2.3
Mailpoet_newsletters Mailpoet 2.1.7 2.1.7
Mailpoet_newsletters Mailpoet 2.6 2.6
Mailpoet_newsletters Mailpoet 1.1.3 1.1.3
Mailpoet_newsletters Mailpoet 0.9 0.9
Mailpoet_newsletters Mailpoet 2.1.4 2.1.4
Mailpoet_newsletters Mailpoet 2.5.1 2.5.1
Mailpoet_newsletters Mailpoet 2.0.3 2.0.3
Mailpoet_newsletters Mailpoet 2.4.2 2.4.2
Mailpoet_newsletters Mailpoet 2.5.2 2.5.2
Mailpoet_newsletters Mailpoet 2.5.7 2.5.7
Mailpoet_newsletters Mailpoet 2.5.9.1 2.5.9.1
Mailpoet_newsletters Mailpoet 1.1.1 1.1.1
Mailpoet_newsletters Mailpoet 2.5.5 2.5.5
Mailpoet_newsletters Mailpoet 2.0.9.5 2.0.9.5
Mailpoet_newsletters Mailpoet 2.1.9 2.1.9
Mailpoet_newsletters Mailpoet 2.1.6 2.1.6
Mailpoet_newsletters Mailpoet 2.2.2 2.2.2
Mailpoet_newsletters Mailpoet 2.2 2.2
Mailpoet_newsletters Mailpoet 2.6.2 2.6.2
Mailpoet_newsletters Mailpoet 2.4 2.4
Mailpoet_newsletters Mailpoet 0.9.6 0.9.6
Mailpoet_newsletters Mailpoet 2.4.3 2.4.3
Mailpoet_newsletters Mailpoet 1.1 1.1
Mailpoet_newsletters Mailpoet 2.1 2.1
Mailpoet_newsletters Mailpoet 2.0.4 2.0.4
Mailpoet_newsletters Mailpoet 2.3.5 2.3.5
Mailpoet_newsletters Mailpoet 2.5.9.2 2.5.9.2

Potential Mitigations

References