Intrusion Prevention

WordPress.Newsletter.Preview.php.File.Disclosure

Description

This indicates an attack attempt against a Directory Traversal vulnerability in WordPress Newsletter.
The vulnerability is caused by a lack of sanitizing of the parameter "data" that is passed to "preview.php". It may allow remote attackers to read arbitrary file via a crafted HTTP request.

Affected Products

Newsletter plugin 1.5 for WordPress

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor supplied patch for this issue.

CVE References

CVE-2012-3588