Description
The WordPress plugin "MailPoet Newsletters" (wysija-newsletters) before version 2.6.8 is vulnerable to an unauthenticated file upload. An attacker can use the Upload Theme functionality to upload a zip file containing a PHP shell.
Remediation
Upgrade to the latest version of MailPoet Newsletters (this issue was fixed in version 2.6.8).
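To confirm the remediation on a host, the following added example (not part of the original advisory or the plugin's code) reads the plugin's `Version:` header and compares it numerically with 2.6.8, so that a release such as 2.6.10 is not mistaken for an older one. It assumes the standard `wp-content/plugins` layout; the sample site trees and the `index.php` file name are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

SLUG = "wysija-newsletters"   # plugin directory name, from the advisory
FIXED = (2, 6, 8)             # first fixed release, from the advisory
# WordPress-style plugin header line, e.g. " * Version: 2.6.7"
HEADER = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.I | re.M)

def parse_version(text):
    """Turn '2.6.10' into (2, 6, 10) so it sorts above (2, 6, 8)."""
    parts = [int(p) for p in text.strip(".").split(".") if p]
    return tuple(parts + [0] * (3 - len(parts)))

def installed_version(plugin_dir):
    """Read the Version: header from the plugin's top-level PHP files."""
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # header sits near the top
        match = HEADER.search(head)
        if match:
            return parse_version(match.group(1))
    return None

def audit(wp_root):
    """Return 'absent', 'unknown', 'vulnerable' or 'fixed' for one site root."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return "absent"
    version = installed_version(plugin_dir)
    if version is None:
        return "unknown"  # plugin present but no readable header: check by hand
    return "vulnerable" if version < FIXED else "fixed"

def make_site(root, header_line):
    """Build a constructed WordPress tree (sample data for the demo)."""
    plugin_dir = Path(root) / "wp-content" / "plugins" / SLUG
    plugin_dir.mkdir(parents=True)
    body = "<?php\n/*\nPlugin Name: Sample\n" + header_line + "\n*/\n"
    (plugin_dir / "index.php").write_text(body)
    return root

if __name__ == "__main__":
    for line in ("Version: 2.6.7", "Version: 2.6.10", "Text Domain: sample"):
        with tempfile.TemporaryDirectory() as tmp:
            print(line, "->", audit(make_site(tmp, line)))
```

An "unknown" result means the plugin directory exists but its version could not be read, which should be treated as unpatched until verified.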
References
MailPoet Newsletters Changelog
Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)
WordPress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload