Lucene search
+L

132 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:39 a.m.7 views

CVE-2024-11195

The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's printemailsubscribeform shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:18 a.m.9 views

CVE-2023-30489

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Email Subscription Popup plugin = 1.2.16 versions...

7.1CVSS5.8AI score0.00358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:14 a.m.7 views

CVE-2023-6527

The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTPREFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.1AI score0.00378EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:15 a.m.8 views

CVE-2019-14800

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export;=1 URI...

5.3CVSS6.9AI score0.01516EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:13 a.m.16 views

CVE-2019-14801

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection...

9.8CVSS7.7AI score0.01815EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 a.m.10 views

CVE-2019-14799

The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS...

6.1CVSS7AI score0.02022EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:10 a.m.10 views

CVE-2005-0157

The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned...

7.5CVSS6.8AI score0.012EPSS
Exploits0References1
Veracode
Veracode
added 2025/04/18 4:40 p.m.6 views

Unsolicited Email Subscription (Spam Abuse)

Shopware is vulnerable to Unsolicited Email Subscription Spam Abuse. The vulnerability is due to insecure default double-opt-in settings due to the lack of confirmation requirements for newsletter sign-ups, allowing attackers to register arbitrary emails and trigger unsolicited emails without use...

6.9CVSS6.9AI score0.0029EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2025/02/06 2:33 a.m.13 views

CVE-2025-24587

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through = 1.2.23...

7.6CVSS7.4AI score0.32467EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:44 a.m.9 views

CVE-2024-27960

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through 1.2.20...

7.1CVSS8.6AI score0.00331EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/01/31 12:54 a.m.475 views

Exploit for CVE-2025-24587

CVE-2025-24587 1️⃣ Component type WordPress plugin 2️⃣ ...

7.6CVSS9.9AI score0.32467EPSS
Exploits1
NVD
NVD
added 2025/01/24 6:15 p.m.16 views

CVE-2025-24587

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through = 1.2.23...

7.6CVSS0.32467EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/24 5:27 p.m.5 views

CVE-2025-24587 WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through = 1.2.23...

7.6CVSS7.3AI score0.32467EPSS
Exploits1References1
CVE
CVE
added 2025/01/24 5:27 p.m.61 views

CVE-2025-24587

CVE-2025-24587 affects the WordPress plugin “Email Subscription Popup” up to version 1.2.23. Description confirms an SQL Injection : improper neutralization of special elements in SQL queries enabling blind SQL injection. Connected documents corroborate the plugin name and vulnerability class; Re...

7.6CVSS7.3AI score0.32467EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/24 5:27 p.m.33 views

CVE-2025-24587 WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through = 1.2.23...

7.6CVSS0.32467EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/01/24 11:47 a.m.10 views

WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Webula in WordPress Plugin Email Subscription Popup versions = 1.2.23...

7.6CVSS8.1AI score0.32467EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/24 12:0 a.m.9 views

PT-2025-5424

Name of the Vulnerable Software and Affected Versions I Thirteen Web Solution Email Subscription Popup versions 1.2.23 and earlier Description The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection, which allows Blind SQL...

7.6CVSS8.6AI score0.32467EPSS
Exploits1References6
Wordfence Blog
Wordfence Blog
added 2025/01/23 3:41 p.m.72 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

10CVSS10AI score0.02847EPSS
Exploits26
OSV
OSV
added 2024/11/19 11:15 a.m.5 views

CVE-2024-11195

The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's printemailsubscribeform shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.0036EPSS
Exploits0References4
NVD
NVD
added 2024/11/19 11:15 a.m.14 views

CVE-2024-11195

The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's printemailsubscribeform shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.0036EPSS
Exploits0References4
Rows per page
Query Builder