VYPR
Critical severity9.8NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026

CVE-2020-36727

CVE-2020-36727

Description

The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for unauthenticated attackers to inject a serialized PHP object.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:xyzscripts:newsletter_manager:*:*:-:*:-:wordpress:*:*+ 1 more
    • cpe:2.3:a:xyzscripts:newsletter_manager:*:*:-:*:-:wordpress:*:*range: <=1.5.1
    • (no CPE)range: <=1.5.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.