Unrated severityNVD Advisory· Published Aug 15, 2019· Updated Aug 5, 2024
CVE-2019-14788
CVE-2019-14788
Description
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Tribulant Newslettersdescription
- Range: <4.6.19
Patches
Vulnerability mechanics
References
3- wordpress.org/plugins/newsletters-lite/mitrex_refsource_MISC
- wpvulndb.com/vulnerabilities/9447mitrex_refsource_MISC
- www.pluginvulnerabilities.com/2019/07/02/there-is-also-an-authenticated-remote-code-execution-rce-vulnerability-in-newsletters/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.