PT-2024-37050 · WordPress · The Newsletter - Api

Arkadiusz Hydzik

·

Published

2024-06-12

·

Updated

2024-07-22

·

CVE-2024-5674

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The Newsletter - API v1 and v2 addon plugin for WordPress, versions up to, and including, 2.4.5

Description

The plugin's API key check (the check api key function) compares the configured key with the value supplied by the client using a loose PHP comparison. Under loose comparison a non-numeric string compares equal to the integer 0, so a request that carries a crafted non-string key value passes the check without knowing the real key. This lets unauthenticated attackers list, create, or delete newsletter subscribers. Only sites running PHP versions below 8.0 are affected: PHP 8.0 changed string-to-number comparison so that a non-numeric string no longer compares equal to an integer.

Recommendations

For versions up to, and including, 2.4.5, update to a version above 2.4.5. If the update cannot be applied immediately, deactivate the API addon so its endpoints are unreachable; do not remove or bypass the API key check itself, since it is the only authentication those endpoints have. Because the issue depends on pre-8.0 comparison semantics, sites already on PHP 8.0 or later are not affected, but moving to PHP 8 is a mitigation, not a replacement for the update.
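The following is an added illustration of the loose-comparison bug class the advisory describes. It is not the plugin's code: the function names (check_api_key_loose, check_api_key_strict), the stored key, and the request bodies are all hypothetical, and the JSON body is assumed to be the path by which a typed (non-string) value reaches the comparison. Run it under PHP 7.4 and PHP 8.x to see why the advisory limits the impact to PHP below 8.0.

```php
<?php
// Added example, not the plugin's code. Names and values are hypothetical.

// Assumption: the site's API key is a random, non-numeric string.
const STORED_API_KEY = 'c3f9a1b7e2d4f6a8';

// Vulnerable pattern: loose (==) comparison of the stored key against a
// value decoded from the request body. On PHP < 8.0 a non-numeric string
// compared to the integer 0 is cast to 0, so 'c3f9...' == 0 is true.
// On PHP >= 8.0 the integer is instead cast to the string "0", and the
// comparison is false.
function check_api_key_loose($supplied): bool
{
    return STORED_API_KEY == $supplied;
}

// Hardened pattern: accept only strings, then compare with hash_equals(),
// which never coerces types and runs in constant time. The is_string()
// guard also avoids a TypeError from hash_equals() on PHP 8 when a client
// sends a number, bool, array or null.
function check_api_key_strict($supplied): bool
{
    if (!is_string($supplied)) {
        return false;
    }
    return hash_equals(STORED_API_KEY, $supplied);
}

// Constructed JSON request bodies an unauthenticated client might send.
// "string zero" shows that a query-string "0" (always a string) does not
// trigger the bug; the decoded value has to be a real integer.
$requests = [
    'legitimate'   => '{"key": "c3f9a1b7e2d4f6a8"}',
    'wrong string' => '{"key": "guess"}',
    'string zero'  => '{"key": "0"}',
    'integer zero' => '{"key": 0}',
];

foreach ($requests as $label => $body) {
    $supplied = json_decode($body, true)['key'];
    printf(
        "%-13s loose=%-5s strict=%-5s (PHP %s)\n",
        $label,
        var_export(check_api_key_loose($supplied), true),
        var_export(check_api_key_strict($supplied), true),
        PHP_VERSION
    );
}
```

On PHP 7.x the "integer zero" row reports loose=true and strict=false, which is the unauthenticated bypass; on PHP 8.x both report false. The legitimate key passes both checks on every version, so the strict form can replace the loose one without changing behaviour for real clients.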

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2024-5674

Affected Products

The Newsletter - Api