WordPress Plugin Vulnerabilities

Email Subscribers & Newsletters < 4.3.1 - Unauthenticated Blind SQL Injection

Description

The Email Subscribers & Newsletters – Simple and Effective Email Marketing WordPress Plugin WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
email-subscribers
Fixed in 4.3.1

References

CVE
CVE-2019-20361
URL
https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.1 (critical)

Miscellaneous

Original Researcher
Chloe Chamberland (Wordfence)
Verified
No
WPVDB ID
982b1fe4-12de-41f1-9a26-7bf1fc2c8bb6

Timeline

Publicly Published
2019-11-13 (about 6 years ago)
Added
2019-11-13 (about 6 years ago)
Last Updated
2020-04-27 (about 5 years ago)

Other

Published
Title
Published
2024-04-25
Title
WooCommerce Amazon Affiliates < 14.0.31 - Unauthenticated SQL Injection
Published
2025-12-02
Title
FluentCart A New Era of eCommerce < 1.3.2 - Authenticated (Administrator+) SQL Injection via 'groupKey' Parameter
Published
2025-01-07
Title
Multiple Carousel <= 2.0 - Unauthenticated SQL Injection
Published
2024-10-31
Title
5 Stars Rating Funnel <= 1.4.01 - Authenticated (Contributor+) SQL Injection
Published
2025-03-24
Title
دکمه، شبکه اجتماعی خرید <= 2.0.6 - Authenticated (Administrator+) SQL Injection