WordPress Plugin Vulnerabilities

Newsletter Manager <= 1.5.1 - Unauthenticated Insecure Deserialisation

Description

The plugin is affected by an insecure deserialisation issue, which could lead to an unauthenticated PHP object injection (when a suitable gadget chain is present)

Affects Plugins

newsletter-manager

No known fix - plugin closed

References

CVE

CVE-2020-36727

URL

https://blog.nintechnet.com/insecure-deserialization-vulnerability-in-wordpress-newsletter-manager-plugin-unpatched/

Classification

Type

OBJECT INJECTION

OWASP top 10

A8: Insecure Deserialization

CWE

CWE-502

Miscellaneous

Original Researcher

Jerome Bruander (nintechnet)

Verified

WPVDB ID

b82124b1-e5e1-4f1e-9513-90474fd3f066

Timeline

Publicly Published

2020-12-29 (about 2 years ago)

Added

2020-12-29 (about 2 years ago)

Last Updated

2023-06-08 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin