The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.
More than 100,000 WordPress websites are affected by a high-severity flaw in a plugin that assists websites in sending out emails and newsletters to subscribers.
The vulnerability exists in the Email Subscribers & Newsletters plugin by Icegram, which enables users to collect leads, send automated new blog post notification emails. A remote, unauthenticated attacker can exploit the flaw to send forged emails to all recipients from the available lists of contacts or subscribers – with complete control over the content and subject of the email.
To fix the flaw, users must “upgrade to WordPress Email Subscribers & Newsletters plugin by Icegram version 4.5.6 or higher,” according to researchers at Tenable, who discovered the flaw, in an advisory on Thursday.
To read the original article:https://threatpost.com/wordpress-plugin-flaw/159172/