CVE-2019-19985 Scanner

The Email Subscribers & Newsletters plugin is a useful tool available on the WordPress platform for bloggers and website owners to connect with their subscribers through email. This plugin allows users to create and send newsletters to their subscribers, as well as monitor the performance of their email campaigns. Users can also customize the design of their emails, schedule them, and manage their subscribers.

Unfortunately, the plugin had a serious vulnerability, known as CVE-2019-19985, which allowed unauthenticated file download with user information disclosure. This vulnerability could be exploited by an attacker who could potentially download sensitive user information, including email addresses, names, and other personal data without any authentication. The vulnerability could also be exploited to gain unauthorized access to the website's backend, allowing an attacker to install malware or compromise the website.

When exploited, CVE-2019-19985 could lead to severe consequences. The attacker could potentially steal confidential data and use it for malicious purposes, such as identity theft or spamming unsuspecting victims. The vulnerability could also lead to reputational damage for the website and its owner, as users may lose trust in the website's security and credibility.

Thanks to the Pro features of the s4e.io platform, users can easily and quickly learn about vulnerabilities in their digital assets. The platform provides a comprehensive vulnerability assessment that helps users identify potential threats and vulnerabilities in their websites and applications. With this tool, website owners can stay one step ahead of attackers and protect their digital assets effortlessly.

REFERENCES

• http://packetstormsecurity.com/files/158563/WordPress-Email-Subscribers-And-Newsletters-4.2.2-File-Disclosure.html
• https://wpvulndb.com/vulnerabilities/9946
• https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/