132 matches found
CVE-2024-11195
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's printemailsubscribeform shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2023-30489
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Email Subscription Popup plugin = 1.2.16 versions...
CVE-2023-6527
The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTPREFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2019-14800
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export;=1 URI...
CVE-2019-14801
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection...
CVE-2019-14799
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS...
CVE-2005-0157
The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned...
Unsolicited Email Subscription (Spam Abuse)
Shopware is vulnerable to Unsolicited Email Subscription Spam Abuse. The vulnerability is due to insecure default double-opt-in settings due to the lack of confirmation requirements for newsletter sign-ups, allowing attackers to register arbitrary emails and trigger unsolicited emails without use...
CVE-2025-24587
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through = 1.2.23...
CVE-2024-27960
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through 1.2.20...
Exploit for CVE-2025-24587
CVE-2025-24587 1️⃣ Component type WordPress plugin 2️⃣ ...
CVE-2025-24587
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through = 1.2.23...
CVE-2025-24587 WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through = 1.2.23...
CVE-2025-24587
CVE-2025-24587 affects the WordPress plugin “Email Subscription Popup” up to version 1.2.23. Description confirms an SQL Injection : improper neutralization of special elements in SQL queries enabling blind SQL injection. Connected documents corroborate the plugin name and vulnerability class; Re...
CVE-2025-24587 WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through = 1.2.23...
WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Webula in WordPress Plugin Email Subscription Popup versions = 1.2.23...
PT-2025-5424
Name of the Vulnerable Software and Affected Versions I Thirteen Web Solution Email Subscription Popup versions 1.2.23 and earlier Description The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection, which allows Blind SQL...
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
CVE-2024-11195
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's printemailsubscribeform shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-11195
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's printemailsubscribeform shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...