High severity7.5NVD Advisory· Published Jan 26, 2018· Updated Jun 17, 2026
CVE-2018-6015
CVE-2018-6015
Description
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <3.4.8
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/43872/nvdExploitThird Party AdvisoryVDB Entry
- blog.threatpress.com/vulnerability-email-subscribers-plugin/nvdThird Party Advisory
- wordpress.org/plugins/email-subscribers/nvdRelease Notes
News mentions
0No linked articles in our index yet.