104 matches found
PT-2024-16029 · WordPress · Mailpoet
Name of the Vulnerable Software and Affected Versions: MailPoet WordPress plugin versions prior to 5.3.2 Description: A vulnerability was found in the MailPoet WordPress plugin that allows Stored XSS on behalf of the editor by embedding malicious script. This can lead to account takeover backdoor...
CVE-2024-9938
The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9938 Bounce Handler MailPoet 3 <= 1.3.21 - Reflected Cross-Site Scripting
The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9938 Bounce Handler MailPoet 3 <= 1.3.21 - Reflected Cross-Site Scripting
The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9938
CVE-2024-9938 concerns Bounce Handler MailPoet 3 for WordPress, vulnerable to a Reflected Cross-Site Scripting (XSS) via the page parameter in versions
WordPress plugin Bounce Handler MailPoet 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Bounce Handler MailPoet 3 plugin <= 1.3.21 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Bounce Handler MailPoet 3 versions = 1.3.21...
WordPress Bounce Handler MailPoet 3 Plugin <= 1.3.21 is vulnerable to Cross Site Scripting (XSS)
Software Bounce Handler MailPoet 3 Type Plugin Vulnerable versions = 1.3.21 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9938 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ab6f81da0c5a Credits Colin Xu...
WordPress MailPoet Plugin < 3.23.2 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mailpoet:mailpoet"; ifdescription...
CVE-2014-125104
A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protectaioseoajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. Th...
CVE-2014-125104
CVE-2014-125104 concerns VaultPress Plugin up to 1.6.0 on WordPress. The vulnerability affects the function protect_aioseo_ajax in the file class.vaultpress-hotfixes.php within the MailPoet Plugin, enabling unrestricted upload. The issue is exploitable remotely. A fix exists: upgrade to VaultPres...
CVE-2014-125104 VaultPress Plugin MailPoet Plugin class.vaultpress-hotfixes.php protect_aioseo_ajax unrestricted upload
A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protectaioseoajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. Th...
VulnCheck KEV: CVE-2014-4725
The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...
CVE-2019-11843
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...
CVE-2019-11843
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...
Cross site scripting
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...
CVE-2019-11843
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...
CVE-2019-11843
The CVE-2019-11843 entry refers to the WordPress MailPoet plugin before version 3.23.2, which is vulnerable to a Reflective Server-Side XSS via extra URL parameters, allowing remote attackers to inject arbitrary scripts/HTML. Affected component: MailPoet plugin for WordPress; root cause: insuffic...
PT-2020-9209 · WordPress · Mailpoet
Name of the Vulnerable Software and Affected Versions: MailPoet plugin versions prior to 3.23.2 for WordPress Description: The issue allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL, which is a Reflective Server-Side XSS. Recommendations: For MailPo...
CVE-2018-20853
An issue was discovered in the MailPoet Newsletters aka wysija-newsletters plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks...