CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Xyzscripts: >> Newsletter Manager >> 1.2.4 Security Vulnerabilities

CVE-2020-36727

The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for unauthenticated attackers to inject a serialized PHP object.

CVSS Score

9.8

EPSS Score

0.008

Published

2023-06-07

Page 1

Vulnerabilities

Vulnerable Software

Xyzscripts: >> Newsletter Manager >> 1.2.4 Security Vulnerabilities

Products

Pricing

Contact Us