Full title: Wordpress MailPoet (wysija-newsletters) Unauthenticated file Upload 
Category: remote exploits
Platform: php
The Wordpress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.7 is vulnerable to an unauthenticated file upload. The exploits uses the upload Theme functionality to upload a zip file containing the payload. The plugin used the admin_init hook without knowning the hook is also executed for unauthenticated users when calling the right URL.

# 0day.today @ http://0day.today/