The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-07-27T18:00:00
Updated: 2014-07-27T17:57:00
Reserved: 2014-07-08T00:00:00
Link: CVE-2014-4725
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-07-27T18:55:05.027
Modified: 2014-07-28T19:18:25.507
Link: CVE-2014-4725
JSON object: View
Redhat Information
No data.
CWE