Intrusion Prevention



This indicates an attack attempt against a Directory Traversal vulnerability in WordPress Newsletter.
The vulnerability is caused by a lack of sanitizing of the parameter "data" that is passed to "preview.php". It may allow remote attackers to read arbitrary file via a crafted HTTP request.

Affected Products

Newsletter plugin 1.5 for WordPress


Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor supplied patch for this issue.

CVE References