132 matches found
CVE-2023-6555
CVE-2023-6555 affects the Email Subscription Popup WordPress plugin prior to 1.2.20. The vulnerability is a Reflected XSS caused by not sanitizing/escaping a parameter before echoing it back in the page, potentially exploitable against high-privilege users (e.g., admins). Public details in connec...
WordPress Plugin Email Subscription Popup Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-15004 · WordPress · Email Subscription Popup
Name of the Vulnerable Software and Affected Versions: Email Subscription Popup WordPress plugin versions prior to 1.2.20 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back ...
Email Subscription Popup < 1.2.20 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...
Email Subscription Popup < 1.2.20 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open " /...
CVE-2023-6527
The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTPREFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-6527
The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTPREFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-6527
Email Subscription Popup (WordPress plugin) is affected by a Reflected XSS via the HTTP_REFERER header in all versions up to 1.2.18 due to insufficient input sanitization and output escaping. Exploitation requires user interaction and unauthenticated access. Root cause: inadequate input handling ...
WordPress plugin Email Subscription Popup security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Email Subscription Popup Plugin <= 1.2.18 is vulnerable to Cross Site Scripting (XSS)
Software Email Subscription Popup Type Plugin Vulnerable versions = 1.2.18 Fixed in 1.2.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6527 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 85e40131e875 Credits 0x9567b...
PT-2023-32688 · WordPress · Email Subscription Popup
Name of the Vulnerable Software and Affected Versions: Email Subscription Popup plugin for WordPress versions up to, and including, 1.2.18 Description: The issue is related to Reflected Cross-Site Scripting via the HTTP REFERER header due to insufficient input sanitization and output escaping. Th...
CVE-2023-47308
In the module "Newsletter Popup PRO with Voucher/Coupon code" newsletterpop before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription has sensitive SQL calls...
CVE-2023-47308
In the module "Newsletter Popup PRO with Voucher/Coupon code" newsletterpop before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription has sensitive SQL calls...
CVE-2023-30489
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Email Subscription Popup plugin = 1.2.16 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Email Subscription Popup plugin = 1.2.16 versions...
CVE-2023-30489 WordPress Email Subscription Popup Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Email Subscription Popup plugin = 1.2.16 versions...
CVE-2023-30489
The CVE-2023-30489 entry corresponds to the WordPress Email Subscription Popup Plugin by I Thirteen Web Solution. Affected versions are
WordPress plugin Email Subscription Popup Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress Email Subscription Popup Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS)
Software Email Subscription Popup Type Plugin Vulnerable versions = 1.2.16 Fixed in 1.2.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30489 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1c9d307f1d96 Credits...
Cross-site Scripting (XSS)
prestashop/psemailsubscription is vulnerable to cross-site scripting XSS. The vulnerability exists through the unsanitized values of NWCONDITIONS configuration in psemailsubscription.php...