CVE-2020-35932 in Newsletter Plugininfo

Summary

by MITRE • 01/01/2021

Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects that might be present with certain other plugins or themes.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Disclosure

01/01/2021

Moderation

accepted

Entry

VDB-167185

CPE

ready

CWE

CWE-74 (confirmed)

CVSS

5.0 (VulDB)

EPSS

0.00980

KEV

Activities

very low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-35932
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-35932
CVE Details	https://www.cvedetails.com/cve/CVE-2020-35932/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!