CVE-2012-3588

CVE Database · CVE-2012-3588

CVE-2012-3588

· N/AModified

CVSS v3.1

N/A

EPSS

10.70%

Published

Jun 19, 2012

Modified

Apr 28, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBWordPress Plugin NewsLetter 1.5 - Remote File Disclosure TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter.

Weaknesses (CWE)

CWE-22

Affected Products (2)

wordpress · plugin_newsletter_pluginvulnerable

wordpress · wordpress

References (8)

http://secunia.com/advisories/49464

Vendor Advisory

http://www.exploit-db.com/exploits/19018

Exploit

http://www.opensyscom.fr/Actualites/wordpress-plugins-plugin-newsletter-remote-file-disclosure-vulnerability.html

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/76171

http://secunia.com/advisories/49464

Vendor Advisory

http://www.exploit-db.com/exploits/19018

Exploit

http://www.opensyscom.fr/Actualites/wordpress-plugins-plugin-newsletter-remote-file-disclosure-vulnerability.html

Exploit

KEV Catalog EPSS Scores Vendors All CVEs