PT-2019-16030 · Icegram · Email Subscribers & Newsletters

Published: 2019-12-26 · Updated: 2020-08-24 · CVE-2019-19980

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Email Subscribers & Newsletters versions prior to 4.2.3

Description: The issue allows authenticated users with Subscriber or greater access to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wp_ajax function to send test emails, specifically the send test email function.

Recommendations: Update to version 4.2.3 or later to resolve the issue. As a temporary workaround for versions prior to 4.2.3, consider restricting access to the administrative dashboard or limiting the privileges of authenticated users to prevent exploitation.
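
The missing authorization described above, shown as an added PHP example (not the plugin's own code): a `wp_ajax_` callback runs for every logged-in user, so the handler itself has to verify the nonce and the capability. The action name, function names and nonce name are hypothetical, and the `manage_options` requirement is an assumption.

```php
<?php
/**
 * Plugin Name: Example test-email AJAX handler (added illustration)
 *
 * Hypothetical names throughout: the action "example_send_test_email", both
 * callbacks and the nonce name are assumptions, not the plugin's identifiers.
 */

// wp_ajax_{action} callbacks run for ANY logged-in user, Subscriber included.
// WordPress performs no capability check before calling them.

// Before: no authorization, so any authenticated account can trigger the mail.
function example_send_test_email_unsafe() {
    $to = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    wp_mail( $to, 'Test email', 'This is a test message.' );
    wp_send_json_success();
}
// Left unregistered on purpose; shown only for comparison.
// add_action( 'wp_ajax_example_send_test_email', 'example_send_test_email_unsafe' );

// After: verify intent (nonce) and privilege (capability) before acting.
function example_send_test_email_safe() {
    // With the third argument false, a bad nonce returns false instead of dying.
    if ( ! check_ajax_referer( 'example_send_test_email', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }
    // Assumption: sending test emails is an administrator-only action.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient privileges.' ), 403 );
    }
    $to = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    if ( ! is_email( $to ) ) {
        wp_send_json_error( array( 'message' => 'Invalid recipient.' ), 400 );
    }
    $sent = wp_mail( $to, 'Test email', 'This is a test message.' );
    if ( $sent ) {
        wp_send_json_success();
    }
    wp_send_json_error( array( 'message' => 'Mail could not be sent.' ), 500 );
}
add_action( 'wp_ajax_example_send_test_email', 'example_send_test_email_safe' );
// No wp_ajax_nopriv_ hook is registered, so unauthenticated requests
// never reach the handler.
```

The `wp_send_json_*` helpers terminate the request, so each failed check stops execution before `wp_mail()` is reached.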


Related identifiers

CVE-2019-19980

Affected products

Email Subscribers & Newsletters