Lucene search
+L

350 matches found

osv
osv
added 2025/01/13 6:15 a.m.4 views

CVE-2024-12566

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS5.8AI score0.00292EPSS
Exploits1References1
nvd
nvd
added 2025/01/13 6:15 a.m.24 views

CVE-2024-12566

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS0.00292EPSS
Exploits1References1
nvd
nvd
added 2025/01/13 6:15 a.m.19 views

CVE-2024-12568

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

4.8CVSS0.00292EPSS
Exploits1References1
nvd
nvd
added 2025/01/13 6:15 a.m.29 views

CVE-2024-12567

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS0.00292EPSS
Exploits1References1
osv
osv
added 2025/01/13 6:15 a.m.4 views

CVE-2024-11636

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for exampl...

4.8CVSS7.3AI score0.00312EPSS
Exploits1References1
nvd
nvd
added 2025/01/13 6:15 a.m.35 views

CVE-2024-11636

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for exampl...

4.8CVSS0.00312EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/01/13 6:0 a.m.6 views

CVE-2024-12567 Email Subscribers < 5.7.45 - Admin+ Stored XSS

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.7AI score0.00292EPSS
Exploits1References1
cve
cve
added 2025/01/13 6:0 a.m.26 views

CVE-2024-12567

CVE-2024-12567 – Icegram Express Email Subscribers (WP plugin) prior to 5.7.45 stores and escapes settings poorly, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disabled. Impact described in sources as admin-level Stored XSS within form settings, multisit...

4.8CVSS5.4AI score0.00292EPSS
Exploits1References1Affected Software1
cve
cve
added 2025/01/13 6:0 a.m.32 views

CVE-2024-12568

CVE-2024-12568 affects the WordPress plugin “Email Subscribers by Icegram Express” (pre-5.7.45). The issue is a Stored XSS vulnerability caused by insufficient sanitization/escaping of Workflow settings, exploitable by high-privilege users (e.g., admins), and can occur even when unfiltered_html i...

4.8CVSS5.4AI score0.00292EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2025/01/13 6:0 a.m.11 views

CVE-2024-12568 Email Subscribers < 5.7.45 - Admin+ Stored XSS

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

4.7AI score0.00292EPSS
Exploits1References1
cvelist
cvelist
added 2025/01/13 6:0 a.m.36 views

CVE-2024-12567 Email Subscribers < 5.7.45 - Admin+ Stored XSS

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

0.00292EPSS
Exploits1References1
cvelist
cvelist
added 2025/01/13 6:0 a.m.22 views

CVE-2024-12568 Email Subscribers < 5.7.45 - Admin+ Stored XSS

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

0.00292EPSS
Exploits1References1
cve
cve
added 2025/01/13 6:0 a.m.32 views

CVE-2024-12566

CVE-2024-12566 affects the WordPress plugin Icegram Express (formerly Email Subscribers) for versions before 5.7.45. The issue is an admin+ stored XSS vulnerability caused by insufficient sanitisation/escaping of certain form settings, potentially enabling an admin to inject scripts even when unf...

4.8CVSS5.4AI score0.00292EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2025/01/13 6:0 a.m.27 views

CVE-2024-12566 Email Subscribers < 5.7.45 - Admin+ Stored XSS

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

0.00292EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/01/13 6:0 a.m.10 views

CVE-2024-12566 Email Subscribers < 5.7.45 - Admin+ Stored XSS

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.7AI score0.00292EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/01/13 6:0 a.m.12 views

CVE-2024-11636 Email Subscribers < 5.7.45 - Admin+ Stored XSS

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for exampl...

4.7AI score0.00312EPSS
Exploits1References1
cve
cve
added 2025/01/13 6:0 a.m.33 views

CVE-2024-11636

CVE-2024-11636 affects the Email Subscribers by Icegram Express WordPress plugin prior to 5.7.45. The issue is that certain Text Block options are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisi...

4.8CVSS5.4AI score0.00312EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2025/01/13 6:0 a.m.33 views

CVE-2024-11636 Email Subscribers < 5.7.45 - Admin+ Stored XSS

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for exampl...

0.00312EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/01/13 12:0 a.m.4 views

WordPress plugin Email Subscribers by Icegram Express 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPress plugin...

4.8CVSS8.3AI score0.00312EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/01/13 12:0 a.m.5 views

WordPress plugin Email Subscribers by Icegram Express 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPress plugin...

4.8CVSS8.2AI score0.00292EPSS
Exploits1References1
Rows per page
Query Builder