CVE-2014-4725

Published: Jul 27, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

Affected (69)

Products: Mailpoet: Mailpoet Newsletters

Mailpoet

1 product

Mailpoet Newsletters

Configuration A

69 vulnerable

Vulnerable Software	Affected Versions
Mailpoet Mailpoet Newsletters	Up to 2.6.6
Mailpoet Mailpoet Newsletters	Version 0.9.1
Mailpoet Mailpoet Newsletters	Version 0.9.2
Mailpoet Mailpoet Newsletters	Version 0.9.6
Mailpoet Mailpoet Newsletters	Version 0.9
Mailpoet Mailpoet Newsletters	Version 1.0.1
Mailpoet Mailpoet Newsletters	Version 1.0
Mailpoet Mailpoet Newsletters	Version 1.1.1
Mailpoet Mailpoet Newsletters	Version 1.1.2
Mailpoet Mailpoet Newsletters	Version 1.1.3
Mailpoet Mailpoet Newsletters	Version 1.1.4
Mailpoet Mailpoet Newsletters	Version 1.1.5
Mailpoet Mailpoet Newsletters	Version 1.1
Mailpoet Mailpoet Newsletters	Version 2.0.1
Mailpoet Mailpoet Newsletters	Version 2.0.2
Mailpoet Mailpoet Newsletters	Version 2.0.3
Mailpoet Mailpoet Newsletters	Version 2.0.4
Mailpoet Mailpoet Newsletters	Version 2.0.5
Mailpoet Mailpoet Newsletters	Version 2.0.6
Mailpoet Mailpoet Newsletters	Version 2.0.7
Mailpoet Mailpoet Newsletters	Version 2.0.8
Mailpoet Mailpoet Newsletters	Version 2.0.9.5
Mailpoet Mailpoet Newsletters	Version 2.0.9
Mailpoet Mailpoet Newsletters	Version 2.0
Mailpoet Mailpoet Newsletters	Version 2.1.1
Mailpoet Mailpoet Newsletters	Version 2.1.2
Mailpoet Mailpoet Newsletters	Version 2.1.3
Mailpoet Mailpoet Newsletters	Version 2.1.4
Mailpoet Mailpoet Newsletters	Version 2.1.5
Mailpoet Mailpoet Newsletters	Version 2.1.6
Mailpoet Mailpoet Newsletters	Version 2.1.7
Mailpoet Mailpoet Newsletters	Version 2.1.8
Mailpoet Mailpoet Newsletters	Version 2.1.9
Mailpoet Mailpoet Newsletters	Version 2.1
Mailpoet Mailpoet Newsletters	Version 2.2.1
Mailpoet Mailpoet Newsletters	Version 2.2.2
Mailpoet Mailpoet Newsletters	Version 2.2.3
Mailpoet Mailpoet Newsletters	Version 2.2
Mailpoet Mailpoet Newsletters	Version 2.3.1
Mailpoet Mailpoet Newsletters	Version 2.3.2
Mailpoet Mailpoet Newsletters	Version 2.3.3
Mailpoet Mailpoet Newsletters	Version 2.3.4
Mailpoet Mailpoet Newsletters	Version 2.3.5
Mailpoet Mailpoet Newsletters	Version 2.3
Mailpoet Mailpoet Newsletters	Version 2.4.1
Mailpoet Mailpoet Newsletters	Version 2.4.2
Mailpoet Mailpoet Newsletters	Version 2.4.3
Mailpoet Mailpoet Newsletters	Version 2.4.4
Mailpoet Mailpoet Newsletters	Version 2.4
Mailpoet Mailpoet Newsletters	Version 2.5.1
Mailpoet Mailpoet Newsletters	Version 2.5.2
Mailpoet Mailpoet Newsletters	Version 2.5.3
Mailpoet Mailpoet Newsletters	Version 2.5.4
Mailpoet Mailpoet Newsletters	Version 2.5.5
Mailpoet Mailpoet Newsletters	Version 2.5.7
Mailpoet Mailpoet Newsletters	Version 2.5.8
Mailpoet Mailpoet Newsletters	Version 2.5.9.1
Mailpoet Mailpoet Newsletters	Version 2.5.9.2
Mailpoet Mailpoet Newsletters	Version 2.5.9.3
Mailpoet Mailpoet Newsletters	Version 2.5.9.4
Mailpoet Mailpoet Newsletters	Version 2.5.9
Mailpoet Mailpoet Newsletters	Version 2.5
Mailpoet Mailpoet Newsletters	Version 2.6.1
Mailpoet Mailpoet Newsletters	Version 2.6.2
Mailpoet Mailpoet Newsletters	Version 2.6.3
Mailpoet Mailpoet Newsletters	Version 2.6.4
Mailpoet Mailpoet Newsletters	Version 2.6.5
Mailpoet Mailpoet Newsletters	Version 2.6
Mailpoet Mailpoet Newsletters	Version 2.6 beta