2 Jul 2019

There is Also an Authenticated Remote Code Execution (RCE) Vulnerability in Newsletters

Yesterday we noted a reflected cross-site scripting (XSS) vulnerability that we happened across in the WordPress plugin Newsletters, which was closed on Friday. Subsequent to that, in our monitoring to keep track of indications that new versions of plugins have security fixes, we noticed that a new version of the plugin had been submitted with “Security fixes”. That version doesn’t fix the vulnerability we mentioned yesterday. When we started looking over that version to see if something else had been fixed that we should add to the data set of plugin vulnerabilities for our service, we came across more unfixed vulnerabilities.

What we first ran across is a fairly serious vulnerability, an authenticated remote code execution (RCE) vulnerability, which is included in code that seems like it shouldn’t exist even if it were better secured. [Read more]

1 Jul 2019

Reflected Cross-Site Scripting (XSS) Vulnerability in Newsletters

While looking into a vulnerability in a WordPress plugin closed on the Plugin Directory on Friday, so that we could warn the customers of our service about it, we noticed an indication that there might have been the same type of vulnerability in the plugin Newsletters as well, and then found it had also been closed on the same day. A search over the plugin’s code and a bit of testing confirmed that it contains a reflected cross-site scripting (XSS) vulnerability. We don’t know if that led to the closure.

The plugin registers the function ajax_load_new_editor() to be accessible through WordPress’ AJAX functionality to those logged in to WordPress: [Read more]

5 Mar 2018

Is This PHP Object Injection Vulnerability Why a Hacker Would Be Interested in the WordPress Plugin Newsletters?

On March 1 we had a request on this website for a file that would be located at wp-content/plugins/newsletters-lite/readme.txt. That is a file from the plugin Newsletters, and our guess would be that the request was from a hacker probing for usage of the plugin in preparation to try to exploit a vulnerability in it. In looking over the plugin we found a PHP object injection vulnerability that might be what a hacker would be interested in exploiting, since that is a type of vulnerability they frequently target.

The plugin’s function init() in the file /wp-mailinglist.php runs during, not surprisingly, init: [Read more]

26 Jun 2017

Cross-Site Request Forgery (CSRF)/Arbitrary File Upload Vulnerability in Newsletters

We recently have been trying to get an idea of how effective it would be to try to proactively catch some vulnerabilities when changes that include those vulnerabilities are made to WordPress plugins. Seeing as arbitrary file upload vulnerabilities are at the top in terms of exploit attempts, that seems like one area where it might make sense to focus. While looking over just several days’ worth of plugin changes, we ran across a related, though much less concerning, vulnerability: a cross-site request forgery (CSRF)/arbitrary file upload vulnerability in the plugin Newsletters, which would be unlikely to be targeted on a wide scale, but might be used in a targeted attack.

The vulnerability is caused by two security failures. [Read more]