The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for unauthenticated attackers to inject a serialized PHP object.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-07T01:51:47.021Z
Updated: 2023-06-07T01:51:47.021Z
Reserved: 2023-06-06T13:21:59.609Z
Link: CVE-2020-36727
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-07T02:15:12.673
Modified: 2023-11-07T03:22:30.130
Link: CVE-2020-36727
JSON object: View
Redhat Information
No data.
CWE