Lucene search
K

115 matches found

Patchstack
Patchstack
added 2025/09/25 1:27 p.m.7 views

WordPress Email marketing for WordPress by GetResponse Official plugin <= 1.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Email marketing for WordPress by GetResponse Official versions = 1.5.3...

7.5CVSS7AI score0.00174EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/24 6:31 p.m.6 views

CVE-2025-59549

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fatcatapps GetResponse Forms getresponse allows Stored XSS.This issue affects GetResponse Forms: from n/a through = 2.6.0...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2025/09/22 7:16 p.m.18 views

CVE-2025-59549

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fatcatapps GetResponse Forms getresponse allows Stored XSS.This issue affects GetResponse Forms: from n/a through = 2.6.0...

6.5CVSS0.0019EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/22 6:31 p.m.7 views

WordPress GetResponse Forms Plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin GetResponse Forms versions = 2.6.0...

6.5CVSS6AI score0.0019EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/22 6:26 p.m.6 views

CVE-2025-59549 WordPress GetResponse Forms Plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fatcatapps GetResponse Forms allows Stored XSS. This issue affects GetResponse Forms: from n/a through 2.6.0...

6.5CVSS5.6AI score0.0019EPSS
Exploits0References1
CVE
CVE
added 2025/09/22 6:26 p.m.14 views

CVE-2025-59549

CVE-2025-59549 is a stored XSS in GetResponse Forms by Optin Cat for WordPress, affecting plugin versions up to 2.6.0. Root cause: improper neutralization of input during web page generation. Impact is cross-site scripting when an attacker injects malicious input; exploit details are not provided...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:26 p.m.11 views

CVE-2025-59549 WordPress GetResponse Forms Plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fatcatapps GetResponse Forms getresponse allows Stored XSS.This issue affects GetResponse Forms: from n/a through = 2.6.0...

6.5CVSS0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.4 views

WordPress plugin GetResponse Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

6.5CVSS5.8AI score0.0019EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.7 views

PT-2025-39034

Name of the Vulnerable Software and Affected Versions GetResponse Forms versions through 2.6.0 Description An issue exists in GetResponse Forms related to improper neutralization of input during web page generation, leading to a Stored Cross-Site Scripting XSS condition. The issue allows for the...

6.5CVSS5.5AI score0.0019EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:47 a.m.7 views

CVE-2024-8740

The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.1AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:5 a.m.11 views

CVE-2024-31104

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GetResponse GetResponse for WordPress allows Stored XSS.This issue affects GetResponse for WordPress: from n/a through 5.5.33...

6.5CVSS8.6AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:54 a.m.9 views

CVE-2023-0167

The GetResponse for WordPress plugin through 5.5.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.5AI score0.00534EPSS
Exploits2References1
Patchstack
Patchstack
added 2025/01/07 7:14 a.m.7 views

WordPress Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation vulnerability

Missing Authorization to Unauthenticated DB Table Truncation vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Intergrations versions = 3.2.6...

5.3CVSS7AI score0.00324EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/01/07 5:15 a.m.9 views

CVE-2024-12157

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS0.0096EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/07 4:22 a.m.6 views

CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...

5.3CVSS6.8AI score0.00324EPSS
Exploits0References2
CVE
CVE
added 2025/01/07 4:22 a.m.44 views

CVE-2024-12158

CVE-2024-12158 concerns the Popup – MailChimp, GetResponse and ActiveCampaign Integrations WordPress plugin. The vulnerability is a missing capability check on the AJAX action upc_delete_db_data, affecting all versions up to and including 3.2.6. This permits unauthenticated attackers to delete th...

5.3CVSS5.2AI score0.00324EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/07 4:22 a.m.17 views

CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...

5.3CVSS0.00324EPSS
Exploits0References2
NVD
NVD
added 2024/10/18 5:15 a.m.15 views

CVE-2024-8740

The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00382EPSS
Exploits0References3
OSV
OSV
added 2024/10/18 5:15 a.m.3 views

CVE-2024-8740

The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6AI score0.00382EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/18 4:32 a.m.13 views

CVE-2024-8740 GetResponse Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting

The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.1AI score0.00382EPSS
Exploits0References3
Rows per page
Query Builder