MailPoet Newsletters for WordPress Arbitrary File Upload

Severity: High | Nessus Plugin ID 76526

Synopsis

The remote web server contains a PHP script that allows for arbitrary file uploads.

Description

The MailPoet Newsletters plugin for WordPress installed on the remote web server is affected by a file upload vulnerability due to a failure to properly authenticate users. An unauthenticated, remote attacker can exploit this issue to upload files containing arbitrary code and then execute them on the remote host, subject to the permissions of the web server user ID.

Solution

Upgrade to MailPoet Newsletters version 2.6.7 or later.

See Also

http://www.nessus.org/u?47378aa3

Plugin Details

Severity: High

ID: 76526

File Name: wordpress_mailpoet_newsletters_arbitrary_upload.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 7/16/2014

Updated: 6/5/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 7/1/2014

Vulnerability Publication Date: 7/1/2014

Exploitable With

Elliot (WordPress MailPoet Newsletters File Upload)

Reference Information

CVE: CVE-2014-4725

BID: 68310