Critical severity 9.8 · NVD Advisory · Published Jun 7, 2023 · Updated Apr 8, 2026
CVE-2020-36727
Description
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for unauthenticated attackers to inject a serialized PHP object.
Affected products
- cpe:2.3:a:xyzscripts:newsletter_manager:*:*:-:*:-:wordpress:*:* (range: <=1.5.1)
- (no CPE) (range: <=1.5.1)
References
- blog.nintechnet.com/insecure-deserialization-vulnerability-in-wordpress-newsletter-manager-plugin-unpatched/ (nvd, Exploit)
- wpscan.com/vulnerability/b82124b1-e5e1-4f1e-9513-90474fd3f066 (nvd, Third Party Advisory)
- www.wordfence.com/threat-intel/vulnerabilities/id/dcfd8c4d-d48b-468d-a7d5-1ec05b068f79 (nvd, Third Party Advisory)