CVE-2019-19980

Published: Dic 26, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-9568 Aliases: GSD-2019-19980

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: low

MEDIUM 4,0

Source: [email protected]

Access Vector: network

Access Complexity: low

Authentication: single

Confidentiality: none

Integrity: partial

Availability: none

Description

AI Translation Available

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wp_ajax function to send_test_email.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0023

Percentile

0,5th

Updated

EPSS Score Trend (Last 90 Days)

Application

Email Subscribers \& Newsletters by Icegram

Product Information

Vendor Icegram

Product Email Subscribers \& Newsletters

Version Range Affected

To 4.2.3 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:icegram:email_subscribers_\&_newsletters:*:*:*:*:*:wordpress:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://wpvulndb.com/vulnerabilities/9946

Third Party Advisory

https://wpvulndb.com/vulnerabilities/9946

https://www.wordfence.com/blog/2019/11/multiple-vulnerabili…

Exploit Third Party Advisory

https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-emai…

https://wpvulndb.com/vulnerabilities/9946

Third Party Advisory

https://wpvulndb.com/vulnerabilities/9946

https://www.wordfence.com/blog/2019/11/multiple-vulnerabili…

Exploit Third Party Advisory

https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-emai…

CVE-2019-19980

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Email Subscribers \& Newsletters by Icegram

Product Information

Iscriviti alla newsletter