I’m running Newsletter Manager Plugin and scanned my site with WPScan (wordpress Scan). WPscan came up with the following vulnerability…
[+] newsletter-manager
| Location: https://www.mcmo.is/wp-content/plugins/newsletter-manager/
| Latest Version: 1.5.1 (up to date)
| Last Updated: 2020-09-02T16:15:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
|
| [!] 1 vulnerability identified:
|
| [!] Title: Newsletter Manager <= 1.5.1 - Unauthenticated Insecure Deserialisation
| References:
| - https://wpscan.com/vulnerability/b82124b1-e5e1-4f1e-9513-90474fd3f066
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36727
| - https://blog.nintechnet.com/insecure-deserialization-vulnerability-in-wordpress-newsletter-manager-plugin-unpatched/
|
| Version: 1.5.1 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://www.mcmo.is/wp-content/plugins/newsletter-manager/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://www.mcmo.is/wp-content/plugins/newsletter-manager/readme.txtWhen will there be an updated fix for this vulnerability? Please let me know! Thanks!
]]>I can’t edit a existing campaign on one of my clients sites. WP send me this “fatal error report” to me as admin.
Uppgifter om felet
==================
Ett fel av typen E_ERROR uppstod p? rad 509 i f?ljande fil: /storage/content/30/196630/oceaniaacademy.com/public_html/wp-content/plugins/newsletter-manager/admin/edit_campaign.php. Felorsak: Uncaught Error: Call to undefined function ecs_attr() in /storage/content/30/196630/oceaniaacademy.com/public_html/wp-content/plugins/newsletter-manager/admin/edit_campaign.php:509
Stack trace:
#0 /storage/content/30/196630/oceaniaacademy.com/public_html/wp-content/plugins/newsletter-manager/admin/menu.php(269): include()
#1 /storage/content/30/196630/oceaniaacademy.com/public_html/wp-includes/class-wp-hook.php(288): em_manage_campaigns(”)
#2 /storage/content/30/196630/oceaniaacademy.com/public_html/wp-includes/class-wp-hook.php(312): WP_Hook->apply_filters(”, Array)
#3 /storage/content/30/196630/oceaniaacademy.com/public_html/wp-includes/plugin.php(478): WP_Hook->do_action(Array)
#4 /storage/content/30/196630/oceaniaacademy.com/public_html/wp-admin/admin.php(254): do_action(‘xyz-newsletter_…’)
#5 {main}
thrown
So it says error on line 509 in: …/newsletter-manager/admin/edit_campaign.php
Error cause: Uncaught Error: Call to undefined function ecs_attr() in /storage/content/30/196630/oceaniaacademy.com/public_html/wp-content/plugins/newsletter-manager/admin/edit_campaign.php:509
And on another client site the sending out newsletter stopped after 249 (has 2000 left to send but stoped), and I get a “fatal error” from WP in my admin mail:
Uppgifter om felet
==================
Ett fel av typen E_ERROR uppstod p? rad 509 i f?ljande fil: /var/www/vhosts/starsofbeauty.se/httpdocs/wp-content/plugins/newsletter-manager/admin/edit_campaign.php. Felorsak: Uncaught Error: Call to undefined function ecs_attr() in /var/www/vhosts/starsofbeauty.se/httpdocs/wp-content/plugins/newsletter-manager/admin/edit_campaign.php:509
Stack trace:
#0 /var/www/vhosts/starsofbeauty.se/httpdocs/wp-content/plugins/newsletter-manager/admin/menu.php(269): include()
#1 /var/www/vhosts/starsofbeauty.se/httpdocs/wp-includes/class-wp-hook.php(286): em_manage_campaigns(”)
#2 /var/www/vhosts/starsofbeauty.se/httpdocs/wp-includes/class-wp-hook.php(310): WP_Hook->apply_filters(”, Array)
#3 /var/www/vhosts/starsofbeauty.se/httpdocs/wp-includes/plugin.php(465): WP_Hook->do_action(Array)
#4 /var/www/vhosts/starsofbeauty.se/httpdocs/wp-admin/admin.php(253): do_action(‘xyz-newsletter_…’)
#5 {main}
thrown
I hope there is a update/fix on the way so this excelent plugin can continue to work as goos as it has for many years ??
Thanks in advance!
// Roger
Either yours or plugin Event manager can work. By activating your plugin during Event manager is on there is a fatal error.
]]>Hey @sonittaxyzscripts,
Will you guys be pushing out an update to XYZ Newsletter Manager? According the the Plugin Repository, “This plugin was closed on May 20, 2019 and is no longer available for download.”
]]>Hi chaps, just a quicky.
All I really need is a (Round Robin Newsletter) for my web site.
Nothing fancy, and no heavy selling bells and whistles; tried lots, that don’t meet expectations! – (As limited as mine are).
One of my recent newsletters plug-ins caused some major errors before the browser/server cache was cleared, throwing up 500 errors.
– Feeling my fingers burned, and as a result: I am far more cautious than I really need to be. Which means digging into the lower star reviews.
So as a result of my research: I’m curious if this>was ever resolved, and does it have merit for concern.
Hope you can help.
]]>Hi,
Thanks for your efforts!
I am using this plugin for more than 30 sites. Currently, I am upgrading all sites in the latest version but facing issue with newsletter subscription. After upgrading wordpress and plugin to latest version newsletter subscription stops working. I am not able to see email id which I have submitted in backend.
Regards,
]]>I see the short code for everything except to add the signup to a page or post. I need to add it to a page, but can’t find the short code for that.
Thanks
]]>Hi,
when i am sending email from my site it is going to spam folder of all my email list
]]>I have the pro version of the newsletter plugin and in the statistic page I do not have the count of the unsubscribed.
Why does the free version have this and not the premium or pro version?
How can I enable this? Seems like an oversight…
Help!
]]>Hi,
I want to add an extra field in the form i.e(Last Name). Please guide me how to achieve this?
Regards
]]>Hi there, i’m interested about this plugin, but i just came to some questions on problems, that i need to solve for my client:
1. i want to be able send emails regulary 1 each day with latest posts from last day, but not on weekend, and on monday have there all posts from last 3 days
2. can i set shortcode into template? I need it because of including of ads
3. i need to filter posts by categories, resp. exlude some categories to be included into some email
is this possible? For me its enought if its possible trought some filters, thx
]]>I am using plugin to send basic text email newsletter to subscribers. When in the text editor, if I hit “enter” once and create something on the next line, it’s on the same line when newsletter is received by subscriber.
In other words, this in the text editor..
Thank you,
Site Staff…comes out as this in the delivered email…
Thank you,Site StaffIf I hit enter twice and create an empty line between two lines, this works fine in the delivered email. But there are some situations where I don’t want an empty line, such as when creating signatures.
Any suggestions on how I get a line of text to show up only one line under the previous line of text? Thanks for any help.
]]>The only user level that can see and access this Plugin on our site is Administrator.
We want to enable LOWER level users to use this. We do not want to have to give regular staff full Administrator access to the entire site.
I tried using User Role Editor to adjust very specific settings for this plugin access settings but it did not work.
How can we make this tool available to Author or Editor level users?
]]>Using XYZ WP Newsletter premium 1.31 with WordPress 4.2.1
When creating a new post, the default option for Auto Create Campaign Option is “Do Nothing”.
How do we change that default to be “Create campaign based on matching templates” instead?
Thanks
]]>Hi! I have a BuddyPress site with about 42,000 subscribers and about 50,000 pending users. I would like to send an HTML email to my subscribers in batches of 1000 (daily limit for emails from my hosting provider). I would also like to send an email to the 50,000 pending users after I finish sending the email to the 42,000 subscribers. I have added your plugin to my site but, can’t seem to figure out how to import my BuddyPress users into the plugin to send a message. Is there an easy way to do this? Please let me know. Thanks!
Jody
]]>Hi! I have a BuddyPress site with about 42,000 subscribers and about 50,000 pending users. I would like to send an HTML email to my subscribers in batches of 1000 (daily limit for emails from my hosting provider). I would also like to send an email to the 50,000 pending users after I finish sending the email to the 42,000 subscribers. I have added your plugin to my site but, can’t seem to figure out how to import my BuddyPress users into the plugin to send a message. Is there an easy way to do this? Please let me know. Thanks!
Jody
]]>I do not see the widget for Newsletter Manager under Available Widgets so I am unable to add it to any of my sidebars… this is a big problem. It was there before but I think WP upgraded itself to version 4.0 and maybe that is causing this problem? As you can see I was able to add it as a widget earlier, but now I cannot access it under available widgets
Please help.. how can I fix this??
http;//www.internetswebdesign.com/wp.jpg
]]>Hi, i want to ask why when a user subscribes to newsletter’s website it doesn’t send me (webmaster) an email with the datas of subcription.
where should i set it?
thanks
Hi, i want to ask why when a user subscribes to newsletter’s website it doesn’t send me (webmaster) an email with the datas of subcription.
where should i set it?
thanks
Hi, i want to ask why when a user subscribes to newsletter’s website it doesn’t send me (webmaster) an email with the datas of subcription.
where should i set it?
thanks
After updating Newsletter Manager it blocked access to all the plugins in the WordPress Admin area. I had to contact my site hosting whom isolated the problem. I really like this plugin, can you tell me how to rectify this issue?
]]>Every time I try to update the settings, I get a 403 error. Is there anything I can do to fix it?
Thanks.
]]>Hello. I want to set my subscription activated email to provide a link allowing subscribers to immediately unsubscribe from my newsletter. Unfortunately {unsubscribe-url} doesn’t seem to work in the subscription activated email.
]]>Plugin version: 1.3
WP version: 3.9.1
When I attempt to export either all or a subset of the email addresses the email addresses export properly, but the name from the first record is used as the name for every record that comes later in the export file, so, all of the records have the same name as the first record. This makes the export file pretty useless.
]]>Hello, a quick question.
I have set up a campaign to be sent to 1000 or something recipients. My web hosting company allows maximum 200 mails/h so I set that in the settings for the plugin. In the campaign I set the Batch size to 1000. However after an hour only 200 mails have been sent. If I click “Execute Campaign” will the application send it to the next 200 or will it start again? The Campaign is currently Active.
I have not set up a cronb job, sins I don’t really know how to do it, but will get help from my web hosting provider later.
Regards Andy
]]>Hello! after creating a campaign there is no campaign in the campaign list, only says “Campaign not found” what am I doing wrong?
Regards Andy
]]>How to translate “Newsletter Manager” into Russian? (WP Russian already installed.)
]]>Hi,
There doesn’t seem to be anyway to import, as the button to browse to a file is missing.
Any ideas?
Thanks
]]>in the XYZ newsletter manager, when I create a template there doesn’t seem to be any way to actually create an e-mail campaign using that template, what am I missing?
]]>hello
thanks for the awsome plugin but
i cant get the unsubscription link working
can you thell me wat to do?