Lucene search
+L

350 matches found

patchstack
patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Email Subscribers plugin < 5.7.45 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Subscribers & Newsletters versions 5.7.45...

4.8CVSS5.9AI score0.00292EPSS
Exploits1References1Affected Software1
redhatcve
redhatcve
added 2025/12/25 1:23 p.m.7 views

CVE-2025-68038

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through 5.9.14...

7.2CVSS5.9AI score0.0037EPSS
Exploits0References1
euvd
euvd
added 2025/12/24 3:30 p.m.5 views

EUVD-2025-205272

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through = 5.9.11...

9.8CVSS6.5AI score0.0037EPSS
Exploits0References2
nvd
nvd
added 2025/12/24 1:16 p.m.7 views

CVE-2025-68038

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through 5.9.14...

7.2CVSS0.0037EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/12/24 12:0 a.m.12 views

PT-2025-53251

Name of the Vulnerable Software and Affected Versions Icegram Icegram Express Pro versions through 5.9.11 Description A flaw exists in Icegram Icegram Express Pro email-subscribers-premium related to the deserialization of untrusted data, potentially leading to object injection. Recommendations...

9.8CVSS6.7AI score0.0037EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/12/12 9:20 a.m.4 views

CVE-2025-12348 Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

5.3CVSS5.9AI score0.00381EPSS
Exploits0References4
cvelist
cvelist
added 2025/12/12 9:20 a.m.30 views

CVE-2025-12348 Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

5.3CVSS0.00381EPSS
Exploits0References4
cve
cve
added 2025/12/12 9:20 a.m.18 views

CVE-2025-12348

CVE-2025-12348 is an issue in the Icegram Express Email Subscribers & Newsletters WordPress plugin. According to the connected Wordfence document, versions up to and including 5.9.10 are vulnerable to Missing Authorization in the run_action_scheduler_task function, allowing unauthenticated attack...

5.3CVSS5.9AI score0.00381EPSS
Exploits0References4
patchstack
patchstack
added 2025/12/12 12:20 a.m.7 views

WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution vulnerability

Missing Authentication to Unauthenticated Action Scheduler Task Execution vulnerability discovered by Adrian Lukita in WordPress Plugin Email Subscribers & Newsletters versions = 5.9.10...

5.3CVSS6.8AI score0.00381EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2025/11/22 12:34 p.m.7 views

CVE-2025-66055

Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through = 5.9.10...

7.2CVSS7AI score0.0038EPSS
Exploits0References1
euvd
euvd
added 2025/11/21 3:31 p.m.5 views

EUVD-2025-198485

Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through = 5.9.10...

7.2CVSS6.5AI score0.0038EPSS
Exploits0References2
nvd
nvd
added 2025/11/21 1:15 p.m.5 views

CVE-2025-66055

Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through = 5.9.10...

7.2CVSS0.0038EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/21 12:29 p.m.10 views

CVE-2025-66055 WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through = 5.9.10...

7.2CVSS0.0038EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/21 12:29 p.m.4 views

CVE-2025-66055 WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through = 5.9.10...

7.2CVSS6.6AI score0.0038EPSS
Exploits0References1
cve
cve
added 2025/11/21 12:29 p.m.18 views

CVE-2025-66055

CVE-2025-66055 describes a deserialization of untrusted data vulnerability in Icegram Email Subscribers & Newsletters (plugin: email-subscribers) that allows PHP object injection. Public references across multiple sources (NVD/ Red Hat/EUVD/CVE lists, Wordfence) state the affected range as WordPr...

7.2CVSS6.6AI score0.0038EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/11/21 12:0 a.m.5 views

PT-2025-47731

Name of the Vulnerable Software and Affected Versions Icegram Email Subscribers & Newsletters versions through 5.9.10 Description A flaw exists in Icegram Email Subscribers & Newsletters related to the deserialization of untrusted data, which can lead to object injection. This issue impacts the...

7.2CVSS6.7AI score0.0038EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/11/21 12:0 a.m.7 views

WordPress plugin Email Subscribers & Newsletters 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.2CVSS5.8AI score0.0038EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/19 4:28 a.m.14 views

CVE-2025-12349 Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

5.3CVSS0.00271EPSS
Exploits0References4
cve
cve
added 2025/11/19 4:28 a.m.20 views

CVE-2025-12349

CVE-2025-12349 concerns the WordPress plugin Icegram Express – Email Subscribers, Newsletters and Marketing Automation . The vulnerability is a missing authorization check in the function trigger_mailing_queue_sending , allowing unauthenticated actors to force immediate email sending, bypass the ...

5.3CVSS5.7AI score0.00271EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/11/19 12:0 a.m.6 views

WordPress plugin Email Subscribers & Newsletters 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An Access Control Erro...

5.3CVSS6.6AI score0.00271EPSS
Exploits0References5
Rows per page
Query Builder