Description
WordPress Plugin Mailing List is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Mailing List version 1.4.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4.2 or latest
References
Related Vulnerabilities
WordPress 3.1 Multiple Vulnerabilities (0.7 - 3.1)
WordPress 4.8.x Directory Traversal (4.8 - 4.8.24)
OpenSSL Out-of-bounds Read Vulnerability (CVE-2017-3731)
Jboss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-19969)