Lucene search
K

52 matches found

Cvelist
Cvelist
added 2025/11/21 12:29 p.m.10 views

CVE-2025-66055 WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through = 5.9.10...

7.2CVSS0.0038EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/02 12:0 a.m.15 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.34 is vulnerable to Broken Access Control

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.34 Fixed in 5.7.35 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-8254 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5c96fd3dcc6d Credits Arkadiusz...

6.3CVSS6.6AI score0.00495EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/06/26 11:15 a.m.27 views

CVE-2024-37252

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25...

9.3CVSS0.00536EPSS
Exploits0References1
CVE
CVE
added 2024/06/26 10:13 a.m.65 views

CVE-2024-37252

CVE-2024-37252 affects WordPress Email Subscribers by Icegram Express plugin (

9.3CVSS9.7AI score0.00536EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/06/12 8:13 a.m.4 views

WordPress Icegram Express plugin <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] vulnerability

Authenticated Subscriber+ SQL Injection Vulnerability via optionslistid vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.22...

8.8CVSS8AI score0.00454EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/09 5:23 p.m.18 views

CVE-2024-31352 WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Email Subscribers & Newsletters.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.13...

5.3CVSS6.9AI score0.00386EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/16 1:2 a.m.10 views

WordPress Icegram Express plugin <= 5.7.14 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.14...

9.8CVSS8.1AI score0.80596EPSS
Exploits4References1Affected Software1
Patchstack
Patchstack
added 2024/04/16 12:0 a.m.26 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.14 is vulnerable to SQL Injection

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.14 Fixed in 5.7.15 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2876 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9b57a92f98bb Credits Arkadiusz Hydzik Required...

9.8CVSS6.8AI score0.80596EPSS
Exploits4References3Affected Software1
Patchstack
Patchstack
added 2024/04/05 12:0 a.m.10 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.13 is vulnerable to Broken Access Control

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.13 Fixed in 5.7.14 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31352 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 1e92fe5167c9 Credits Mika Requir...

9.8CVSS6.6AI score0.00386EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/03/27 6:15 a.m.14 views

CVE-2024-22300

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11...

7.1CVSS6.9AI score0.00394EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/27 5:56 a.m.16 views

CVE-2024-22300 WordPress Icegram Express plugin <= 5.7.11 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11...

7.1CVSS6.9AI score0.00394EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/03/26 12:0 a.m.12 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.11 is vulnerable to Cross Site Scripting (XSS)

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.11 Fixed in 5.7.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22300 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 33b39d3a1006 Credits Rafie Muhammad...

7.1CVSS6.5AI score0.00394EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2022/03/22 12:0 a.m.19 views

WordPress Email Subscribers Plugin < 5.3.2 SQLi Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

8.8CVSS8.8AI score0.04184EPSS
Exploits3References1
Prion
Prion
added 2022/03/07 9:15 a.m.22 views

Sql injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

6.5CVSS9AI score0.04184EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2022/03/07 8:16 a.m.118 views

CVE-2022-0439

CVE-2022-0439 affects the Email Subscribers & Newsletters WordPress plugin prior to 5.3.2. The vulnerability arises from improper escaping of the order and orderby parameters in the ajax_fetch_report_list action, enabling blind SQL injection. CSRF protection is also absent for this action, allowi...

8.8CVSS9AI score0.04184EPSS
Exploits3References1Affected Software1
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.9 views

WordPress plugin Email Subscribers & Newsletters SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in the WordPress plugin...

8.8CVSS8.1AI score0.04184EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2020/09/14 12:0 a.m.29 views

WordPress Plugin 'Email Subscribers & Newsletters' < 4.5.6 Email Forgery/Spoofing Vulnerability.

The WordPress application running on the remote host has a version of the 'Email Subscribers & Newsletters' plugin that is affected by an email forgery/spoofing vulnerability in the class-es-newsletters.php class due to missing authentication for a critical function. An unauthenticated, remote...

5.3CVSS5.9AI score0.01634EPSS
Exploits2References2
Patchstack
Patchstack
added 2020/09/10 12:0 a.m.7 views

WordPress Email Subscribers & Newsletters plugin <= 4.5.5 - Unauthenticated email forgery/spoofing vulnerability

Unauthenticated email forgery/spoofing vulnerability found by Alex Peña in WordPress Email Subscribers & Newsletters plugin versions = 4.5.5. Solution Update the WordPress Email Subscribers & Newsletters plugin to the latest available version at least 4.5.6...

2.4AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/08/27 12:0 a.m.29 views

WordPress Plugin 'Email Subscribers & Newsletters' Multiple Vulnerabilities

The WordPress application running on the remote host has a version of the 'Email Subscribers & Newsletters' plugin that is affected by multiple vulnerabilities. - A cross-site request forgery CSRF vulnerability exists in the sendtestemail component. An unauthenticated, remote attacker can exploit...

6.5CVSS5.9AI score0.01966EPSS
Exploits4References4
Packet Storm
Packet Storm
added 2020/07/27 12:0 a.m.448 views

WordPress Email Subscribers And Newsletters 4.2.2 File Disclosure

Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt Date: 2020-07-20 Exploit Author: KBA@SOGETIESEC Vendor Homepage: https://www.icegram.com/email-subscribers/ Softwar...

5CVSS5.5AI score0.71399EPSS
Exploits4
Rows per page
Query Builder