16 matches found
EUVD-2021-11402
Malware in sbrugna...
CVE-2021-24490
The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...
CVE-2021-24490
The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...
CVE-2021-24490
The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...
Cross site request forgery (csrf)
The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...
CVE-2021-24490
The CVE-2021-24490 entry concerns the WordPress plugin Email Artillery (MASS EMAIL) up to version 4.1, where the Import Emails feature allows arbitrary file uploads due to improper validation and also lacks CSRF protection. The root cause is failure to properly check uploaded files and the absenc...
CVE-2021-24490 Email Artillery <= 4.1 - Arbitrary File Upload
The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...
WordPress 插件代码问题漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in the WordPress plugin that stems from the Email Artillery MASS EMAIL plugin...
Email Artillery <= 4.1 - Multiple Reflected Cross-Site Scripting
The plugin does not sanitise, validate or escape some user input before outputting back in pages leading to Reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin PoC https://example.com/wp-admin/admin.php?page=etmbu-all-posts=yes=no="="...
Email Artillery <= 4.1 - Multiple Authenticated SQL Injections
The plugin does not sanitise, validate or escape some user input before using it in SQL statements in the admin dashboard, leading to SQL Injections PoC https://example.com/wp-admin/admin.php?page=etmbu-all-posts=yesid=1%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5aa...
Email Artillery <= 4.1 - Arbitrary File Upload
The plugin does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denyin...
Email Artillery <= 4.1 - CSRF to Stored XSS
The plugin does not sanitise, validate or escape its settings, and is lacking any CSRF check before saving them. As a result, an attacker could make a logged in admin change them and put malicious JavaScript code as well, leading to Stored Cross-Site Scripting issues. PoC...
Email Artillery <= 4.1 - Multiple Reflected Cross-Site Scripting
The plugin does not sanitise, validate or escape some user input before outputting back in pages leading to Reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin...
Email Artillery <= 4.1 - Multiple Authenticated SQL Injections
The plugin does not sanitise, validate or escape some user input before using it in SQL statements in the admin dashboard, leading to SQL Injections https://example.com/wp-admin/admin.php?page=etmbu-all-posts&s=yes&postid=1%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5aa...
Email Artillery <= 4.1 - CSRF to Stored XSS
The plugin does not sanitise, validate or escape its settings, and is lacking any CSRF check before saving them. As a result, an attacker could make a logged in admin change them and put malicious JavaScript code as well, leading to Stored Cross-Site Scripting issues. alert/XSS/' /...
Email Artillery <= 4.1 - Arbitrary File Upload
The plugin does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denyin...