CVE-2014-4725

The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

We have discovered 201 live websites that are affected by CVE-2014-4725.

Test my site

Affected Software

Product	MailPoet Newsletters
Category	Wordpress Plugins
Vulnerable Domains	201 live websites (1.18% of MailPoet Newsletters install base)
Vulnerable Versions	from 0 before 2.6.7
Vulnerable Versions Count	42 versions ( 46.15% of all versions)