207 matches found
Sql injection
Unauthenticated SQL Injection SQLi vulnerability discovered in GWA AutoResponder WordPress plugin versions = 2.3, vulnerable at &listid. No patched version available, plugin closed...
CVE-2021-44779 WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered in GWA AutoResponder WordPress plugin versions = 2.3, vulnerable at &listid. No patched version available, plugin closed...
CVE-2021-44779 WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered in GWA AutoResponder WordPress plugin versions = 2.3, vulnerable at &listid. No patched version available, plugin closed...
CVE-2021-44779
CVE-2021-44779 affects the WordPress plugin GWA AutoResponder (versions
WordPress plugin SQL注入漏洞
WordPress plugin is an open source application plugin for WordPress. WordPress plugin suffers from a SQL injection vulnerability that stems from an unauthenticated SQL injection SQLi vulnerability found in the AutoResponder plugin, vulnerable at &listid...
GWA AutoResponder <= 2.3 - Unauthenticated SQL Injection
The plugin does not validate and escape the listid before using it in SQL statements, leading to SQL Injections which can be exploited by unauthenticated users...
WordPress [GWA] AutoResponder plugin <= 2.3 - Authenticated SQL Injection (SQLi) vulnerability at &orderby
Authenticated SQL Injection SQLi vulnerability at &orderby discovered by m0ze Patchstack in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline Violation...
WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline...
WordPress [GWA] AutoResponder plugin <= 2.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery CSRF vulnerabilities discovered by m0ze Patchstack in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline Violation...
WordPress [GWA] AutoResponder plugin <= 2.3 - Cross-Site Request Forgery (CSRF) leading to Multiple Persistent Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF leading to Multiple Persistent Cross-Site Scripting XSS discovered by m0ze Patchstack in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason:...
WordPress [GWA] AutoResponder <= 2.3 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) at &Subject
Cross-Site Request Forgery CSRF leading to Persistent Cross-Site Scripting XSS at &Subject discovered by m0ze Patchstack in WordPress GWA AutoResponder versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason:...
NEX-Forms <= 7.9.4 - Multiple Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In Global Setting Preferences Validation, put the following...
Ozeki NG SMS Gateway Path Traversal Vulnerability
Ozeki NG SMS Gateway is a powerful, reliable and flexible SMS gateway application. A path traversal vulnerability exists in the "Script Name" of the "Autoresponder" module in Ozeki NG SMS Gateway 4.17.6 and earlier. The vulnerability can be exploited to write or overwrite arbitrary files with...
Denial Of Service (DoS)
github.com/mattermost/mattermost-server is vulnerable to Denial Of Service DoS. The vulnerability exists in multiple functions because of sending large autoresponder messages which allows an attacker to crash the application via malicious input...
cPanel cross-site scripting vulnerability (CNVD-2019-28986)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in api1listautoresponders in cPanel versions prior to 60.0.25. The vulnerability stem...
WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection SQLi vulnerability found by Larry W. Cashdollar in WordPress Arigato Autoresponder and Newsletter plugin versions = 2.5.1.8. Solution Update the WordPress Arigato Autoresponder and Newsletter plugin to the latest available version at least 2.5.2...
WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated reflected Cross-Site Scripting (XSS) vulnerability
Authenticated reflected Cross-Site Scripting XSS vulnerability found by Larry W. Cashdollar in WordPress Arigato Autoresponder and Newsletter plugin versions = 2.5.1.8. Solution Update the WordPress Arigato Autoresponder and Newsletter plugin to the latest available version at least 2.5.2...
WordPress Arigato Autoresponder and Newsletter Plugin < 2.5.2 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112446";...
Sql injection
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the delids variable by POST request...
CVE-2018-1002009
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable...