Exploit for WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval (CVE-2019-19985)

Description:

WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations.

Nuclei Template

View the template here: CVE-2019-19985.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-19985.yaml

References:

https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/
http://packetstormsecurity.com/files/158563/WordPress-Email-Subscribers-And-Newsletters-4.2.2-File-Disclosure.html
https://nvd.nist.gov/vuln/detail/CVE-2019-19985
https://www.exploit-db.com/exploits/48698
https://wpvulndb.com/vulnerabilities/9946