VYPR
Medium severity4.3NVD Advisory· Published Dec 26, 2019· Updated Jun 17, 2026

CVE-2019-19980

CVE-2019-19980

Description

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wp_ajax function to send_test_email.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.