What is CVE-2014-4725?

CVE-2014-4725 is a vulnerability in Mailpoet Mailpoet_newsletters, classified under Improper Authentication. Published 2014-07-27.

Is CVE-2014-4725 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Mailpoet Mailpoet_newsletters

CVE-2014-4725

The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the th…

Vulnerability class: Broken Authentication

EPSS: 0.818 (99.2th percentile) — read the EPSS interpretation.

Affected products

Mailpoet Mailpoet_newsletters — versions 0.9, 0.9.1, 0.9.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM, Patch)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
[oss-security] 20140708 Re: CVE request: WordPress plugin wysija-newsletters remote file upload (mailing-list, x_refsource_MLIST)
cve@mitre.org (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2014-4725?: CVE-2014-4725 is a vulnerability in Mailpoet Mailpoet_newsletters, classified under Improper Authentication. Published 2014-07-27.
Is CVE-2014-4725 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.