CVE-2014-4939

Name of the Vulnerable Software and Affected Versions enl-newsletter plugin version 1.0.1

Description The issue allows remote authenticated administrators to execute arbitrary SQL commands. This is achieved via the id parameter in the "enl-add-new" page to "wp-admin/admin.php".

Recommendations For enl-newsletter plugin version 1.0.1, avoid using the id parameter in the "enl-add-new" page until the issue is resolved. Consider restricting access to the enl-add-new page in wp-admin/admin.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.