CVE-2019-19985

Medium

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user…

mitre·CWE-862·Published 2019-12-26

CVSS

5.3

EPSS

0.71

KEV

Exploits

cve.orgen

155 chars

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.

NVDen

155 chars

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.

El plugin de WordPress, Email Subscribers & Newsletters, versiones anteriores a 4.2.3, presentó un fallo que permitía la descarga de archivos no autenticados con una divulgación de información del usuario.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.0	Primary	cve.org	5.8	—	—	CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:C/UI:N
3.0	Primary	cve.org	5.8	—	—	CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:C/UI:N
3.0	Secondary	NVD	5.8	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N