Spoofing risk quashed
Security researchers have discovered a serious security flaw in a popular WordPress plugin geared towards handling email lists that creates a means for unauthenticated attackers to send spoofed messages.
The recently resolved flaw affects WordPress Email Subscribers & Newsletters by Icegram, an email marketing plugin with more than 100,000 active installations. Users of the plugin should upgrade to version 4.5.6 or higher.
More specifically, the email forgery/spoofing vulnerability effects the class-es-newsletters.php class,…