Lucene search
K

104 matches found

Positive Technologies
Positive Technologies
added 2024/11/18 12:0 a.m.9 views

PT-2024-16029 · WordPress · Mailpoet

Name of the Vulnerable Software and Affected Versions: MailPoet WordPress plugin versions prior to 5.3.2 Description: A vulnerability was found in the MailPoet WordPress plugin that allows Stored XSS on behalf of the editor by embedding malicious script. This can lead to account takeover backdoor...

6.1CVSS6AI score0.00338EPSS
Exploits1References6
NVD
NVD
added 2024/11/16 4:15 a.m.27 views

CVE-2024-9938

The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.0038EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/16 3:20 a.m.12 views

CVE-2024-9938 Bounce Handler MailPoet 3 <= 1.3.21 - Reflected Cross-Site Scripting

The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.4AI score0.0038EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/16 3:20 a.m.17 views

CVE-2024-9938 Bounce Handler MailPoet 3 <= 1.3.21 - Reflected Cross-Site Scripting

The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.0038EPSS
Exploits0References2
CVE
CVE
added 2024/11/16 3:20 a.m.51 views

CVE-2024-9938

CVE-2024-9938 concerns Bounce Handler MailPoet 3 for WordPress, vulnerable to a Reflected Cross-Site Scripting (XSS) via the page parameter in versions

6.1CVSS6AI score0.0038EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/16 12:0 a.m.6 views

WordPress plugin Bounce Handler MailPoet 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS7.6AI score0.0038EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/15 9:35 p.m.7 views

WordPress Bounce Handler MailPoet 3 plugin <= 1.3.21 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Bounce Handler MailPoet 3 versions = 1.3.21...

6.1CVSS6.3AI score0.0038EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/15 12:0 a.m.17 views

WordPress Bounce Handler MailPoet 3 Plugin <= 1.3.21 is vulnerable to Cross Site Scripting (XSS)

Software Bounce Handler MailPoet 3 Type Plugin Vulnerable versions = 1.3.21 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9938 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ab6f81da0c5a Credits Colin Xu...

6.1CVSS5.9AI score0.0038EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2023/08/23 12:0 a.m.14 views

WordPress MailPoet Plugin < 3.23.2 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mailpoet:mailpoet"; ifdescription...

6.1CVSS7AI score0.01797EPSS
Exploits0References1
NVD
NVD
added 2023/06/01 1:15 p.m.21 views

CVE-2014-125104

A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protectaioseoajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. Th...

9.8CVSS7.1AI score0.00744EPSS
Exploits0References4
CVE
CVE
added 2023/06/01 1:0 p.m.46 views

CVE-2014-125104

CVE-2014-125104 concerns VaultPress Plugin up to 1.6.0 on WordPress. The vulnerability affects the function protect_aioseo_ajax in the file class.vaultpress-hotfixes.php within the MailPoet Plugin, enabling unrestricted upload. The issue is exploitable remotely. A fix exists: upgrade to VaultPres...

9.8CVSS8AI score0.00744EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/06/01 1:0 p.m.24 views

CVE-2014-125104 VaultPress Plugin MailPoet Plugin class.vaultpress-hotfixes.php protect_aioseo_ajax unrestricted upload

A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protectaioseoajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. Th...

6.5CVSS9.6AI score0.00744EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.3 views

VulnCheck KEV: CVE-2014-4725

The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...

7.5CVSS6.1AI score0.59682EPSS
Exploits2References1
NVD
NVD
added 2020/06/02 5:15 p.m.19 views

CVE-2019-11843

The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...

6.1CVSS6.3AI score0.01797EPSS
Exploits0References3
OSV
OSV
added 2020/06/02 5:15 p.m.14 views

CVE-2019-11843

The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...

6.1CVSS7.1AI score
Exploits0References3
Prion
Prion
added 2020/06/02 5:15 p.m.15 views

Cross site scripting

The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...

4.3CVSS6.3AI score0.01797EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/06/02 4:45 p.m.22 views

CVE-2019-11843

The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...

6.3AI score0.01797EPSS
Exploits0References3
CVE
CVE
added 2020/06/02 4:45 p.m.64 views

CVE-2019-11843

The CVE-2019-11843 entry refers to the WordPress MailPoet plugin before version 3.23.2, which is vulnerable to a Reflective Server-Side XSS via extra URL parameters, allowing remote attackers to inject arbitrary scripts/HTML. Affected component: MailPoet plugin for WordPress; root cause: insuffic...

6.1CVSS6.3AI score0.01797EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2020/06/02 12:0 a.m.4 views

PT-2020-9209 · WordPress · Mailpoet

Name of the Vulnerable Software and Affected Versions: MailPoet plugin versions prior to 3.23.2 for WordPress Description: The issue allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL, which is a Reflective Server-Side XSS. Recommendations: For MailPo...

6.1CVSS6.2AI score0.01797EPSS
Exploits0References9
OSV
OSV
added 2019/11/06 8:15 p.m.6 views

CVE-2018-20853

An issue was discovered in the MailPoet Newsletters aka wysija-newsletters plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks...

5.3CVSS5.8AI score0.00948EPSS
Exploits0References1
Rows per page
Query Builder