Vulnerabilities found in Newsletter plugin for WordPress

Newsletter, a free WordPress plugin with more than 300,000 installations, was found to contain multiple vulnerabilities that could eventually lead to the takeover of an affected website. The bugs were discovered by the Wordfence team, who notified the plugin's developer.

 

About the Newsletter plugin

The Newsletter plugin provides a visual editor that you can use to create newsletters and email campaigns from your WordPress dashboard. A wide range of ready-to-use templates is available, and the drag-and-drop function makes it easy for beginners to build layouts themselves. In addition, the plugin contains features to track your newsletters and view statistics.

 

Vulnerabilities

Research by the Wordfence team has uncovered two vulnerabilities. The first is a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious code, which can be used to create backdoors. Malicious parties can also create an admin account for themselves. The second is a PHP object-injection vulnerability, which can be used to execute arbitrary code and upload files, among other things. This vulnerability could also lead to complete website takeover.

 

Update Patches

The developers of the Newsletter plugin took immediate action after being made aware of the vulnerabilities. An update with patches has now been released.

Users are therefore advised to update to the most recent version of Newsletter as soon as possible. At the moment this is version 6.8.2.

Wordfence premium users are protected by a new firewall rule. This will also be made available on August 15 to those who use the free version of the Wordfence plugin. Nevertheless, it is always advisable to keep your WordPress plugins up to date.
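To act on the update advice above, the following added example (not code from Wordfence or the plugin's developers) reads the version from a plugin directory's WordPress header comment and flags anything older than 6.8.2. The directory layout, the file name `main.php` and the sample header are constructed for the demonstration, and treating 6.8.2 as the minimum acceptable version is an assumption based on the article's advice.

```python
import re
import tempfile
from pathlib import Path

PATCHED = "6.8.2"  # version the article advises updating to (assumed minimum)

# WordPress reads plugin metadata from a comment header near the top of the main file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def read_header(php_source):
    """Return {'plugin name': ..., 'version': ...} from a plugin file's header."""
    fields = {}
    for key, value in HEADER.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    return fields

def version_key(version):
    """Numeric tuple, so 6.10.0 sorts after 6.8.2 (a string compare gets this wrong)."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    return tuple(parts + [0] * (3 - len(parts)))

def needs_update(version, patched=PATCHED):
    return version_key(version) < version_key(patched)

def audit_plugin_dir(plugin_dir):
    """Find the main file in one plugin directory; return (name, version, outdated)."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        fields = read_header(php.read_text(errors="replace"))
        if "plugin name" in fields and "version" in fields:
            return fields["plugin name"], fields["version"], needs_update(fields["version"])
    return None  # no file with a plugin header found

def demo():
    # Constructed sample: a stand-in plugin directory carrying an older version header.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "main.php").write_text(
            "<?php\n/*\n Plugin Name: Newsletter\n Version: 6.8.1\n*/\n")
        return audit_plugin_dir(tmp)

if __name__ == "__main__":
    print(demo())
```

Point `audit_plugin_dir` at the plugin's directory under `wp-content/plugins` on each site you manage; a `True` in the third field means the install is older than the version named in this article.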

 

Additional Information

If you want to know more about the vulnerabilities in the Newsletter plugin, you can read this blog post on the Wordfence website.
