Blind SQL Injection Vulnerability in Email Subscribers & Newsletters Plugin

CVE-2019-20361 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).

Learn more about our Wordpress Pen Testing.