Lucene search
+L

132 matches found

CVE
CVE
added 2024/01/08 7:0 p.m.42 views

CVE-2023-6555

CVE-2023-6555 affects the Email Subscription Popup WordPress plugin prior to 1.2.20. The vulnerability is a Reflected XSS caused by not sanitizing/escaping a parameter before echoing it back in the page, potentially exploitable against high-privilege users (e.g., admins). Public details in connec...

6.1CVSS6AI score0.00442EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/01/08 12:0 a.m.7 views

WordPress Plugin Email Subscription Popup Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.1CVSS6.2AI score0.00442EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/01/08 12:0 a.m.8 views

PT-2024-15004 · WordPress · Email Subscription Popup

Name of the Vulnerable Software and Affected Versions: Email Subscription Popup WordPress plugin versions prior to 1.2.20 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back ...

6.1CVSS6AI score0.00442EPSS
Exploits2References6
WPVulnDB
WPVulnDB
added 2023/12/15 12:0 a.m.19 views

Email Subscription Popup < 1.2.20 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...

6.1CVSS5.8AI score0.00442EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/12/15 12:0 a.m.154 views

Email Subscription Popup < 1.2.20 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open " /...

6.1CVSS6AI score0.00442EPSS
Exploits2
NVD
NVD
added 2023/12/06 5:15 a.m.37 views

CVE-2023-6527

The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTPREFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00378EPSS
Exploits0References2
OSV
OSV
added 2023/12/06 5:15 a.m.5 views

CVE-2023-6527

The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTPREFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS7.4AI score0.00378EPSS
Exploits0References2
CVE
CVE
added 2023/12/06 4:32 a.m.73 views

CVE-2023-6527

Email Subscription Popup (WordPress plugin) is affected by a Reflected XSS via the HTTP_REFERER header in all versions up to 1.2.18 due to insufficient input sanitization and output escaping. Exploitation requires user interaction and unauthenticated access. Root cause: inadequate input handling ...

6.1CVSS6.2AI score0.00378EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/12/06 12:0 a.m.8 views

WordPress plugin Email Subscription Popup security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.1CVSS6.8AI score0.00378EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/12/06 12:0 a.m.15 views

WordPress Email Subscription Popup Plugin <= 1.2.18 is vulnerable to Cross Site Scripting (XSS)

Software Email Subscription Popup Type Plugin Vulnerable versions = 1.2.18 Fixed in 1.2.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6527 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 85e40131e875 Credits 0x9567b...

6.1CVSS5.6AI score0.00378EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/05 12:0 a.m.13 views

PT-2023-32688 · WordPress · Email Subscription Popup

Name of the Vulnerable Software and Affected Versions: Email Subscription Popup plugin for WordPress versions up to, and including, 1.2.18 Description: The issue is related to Reflected Cross-Site Scripting via the HTTP REFERER header due to insufficient input sanitization and output escaping. Th...

6.1CVSS6.5AI score0.00378EPSS
Exploits0References7
OSV
OSV
added 2023/11/15 1:15 a.m.3 views

CVE-2023-47308

In the module "Newsletter Popup PRO with Voucher/Coupon code" newsletterpop before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription has sensitive SQL calls...

9.8CVSS5.8AI score0.007EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/11/15 1:15 a.m.3 views

CVE-2023-47308

In the module "Newsletter Popup PRO with Voucher/Coupon code" newsletterpop before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription has sensitive SQL calls...

9.8CVSS7.4AI score0.007EPSS
Exploits0References2
OSV
OSV
added 2023/08/14 3:15 p.m.2 views

CVE-2023-30489

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Email Subscription Popup plugin = 1.2.16 versions...

6.1CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2023/08/14 3:15 p.m.21 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Email Subscription Popup plugin = 1.2.16 versions...

5.8CVSS6AI score0.00358EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/14 2:3 p.m.10 views

CVE-2023-30489 WordPress Email Subscription Popup Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Email Subscription Popup plugin = 1.2.16 versions...

7.1CVSS5.9AI score0.00358EPSS
Exploits0References1
CVE
CVE
added 2023/08/14 2:3 p.m.58 views

CVE-2023-30489

The CVE-2023-30489 entry corresponds to the WordPress Email Subscription Popup Plugin by I Thirteen Web Solution. Affected versions are

7.1CVSS6AI score0.00358EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/08/14 12:0 a.m.5 views

WordPress plugin Email Subscription Popup Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

7.1CVSS6AI score0.00358EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/04/13 12:0 a.m.14 views

WordPress Email Subscription Popup Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS)

Software Email Subscription Popup Type Plugin Vulnerable versions = 1.2.16 Fixed in 1.2.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30489 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1c9d307f1d96 Credits...

7.1CVSS5.7AI score0.00358EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2021/04/01 3:43 a.m.18 views

Cross-site Scripting (XSS)

prestashop/psemailsubscription is vulnerable to cross-site scripting XSS. The vulnerability exists through the unsanitized values of NWCONDITIONS configuration in psemailsubscription.php...

5.4CVSS1.5AI score0.00786EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder