WordPress Newsletter Manager plugin <= 1.5.1 - Unauthenticated Insecure Deserialisation vulnerability

newsletter-manager

Software: Newsletter Manager
Versions: <= 1.5.1
Disclosure date: 2020-12-29
Classification: Other Vulnerability Type
OWASP Top 10


Details

An unauthenticated insecure deserialisation vulnerability was found by Jerome Bruander (NinTechNet) in the WordPress Newsletter Manager plugin (versions <= 1.5.1).

Solution

2020-12-31: We were unable to find a patched version of this plugin. The WordPress.org notification reads: "This plugin has been closed as of October 28, 2020 and is not available for download. Reason: Security Issue."
