CVE-2019-19985
CVE-2019-19985
Vexday Risk Score
92Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS 5.8EPSS 71.4%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
26 Dec 2019Published on NVD
26 Jul 2020Public PoC
Weaponization speed
213 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:C/UI:N
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/158563/WordPress-Email-Subscribers-And-Newsletters-4.2.2-File-Disclosure.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48698unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.