From f9b10dc9db45f400918348b777f662c7140ee5fe Mon Sep 17 00:00:00 2001
From: ethicalhack3r <ryandewhurst@gmail.com>
Date: Tue, 1 Jul 2014 18:04:09 +0200
Subject: [PATCH] Added wysija-newsletters plugin file upload found by Sucuri

---
 data/plugin_vulns.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index ddc1ebdc..9443b56a 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -6740,6 +6740,14 @@
   </plugin>
 
   <plugin name="wysija-newsletters">
+    <vulnerability>
+      <title>Wysija Newsletters - Remote File Upload</title>
+      <references>
+        <url>http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html</url>
+      </references>
+      <type>UPLOAD</type>
+      <fixed_in>2.6.7</fixed_in>
+    </vulnerability>
     <vulnerability>
       <title>Wysija Newsletters 2.2 - SQL Injection Vulnerability</title>
       <references>