CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

RedhatCVE•added 2025/05/23 7:34 a.m.•5 views

CVE-2024-13521

The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the masoptions function. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS6.5AI score0.00151EPSS

Exploits0References1

Patchstack•added 2025/01/28 10:39 a.m.•2 views

WordPress MailUp Auto Subscription plugin <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin MailUp Auto Subscription versions = 1.1.0...

6.1CVSS5.9AI score0.00151EPSS

Exploits0References1Affected Software1

NVD•added 2025/01/28 8:15 a.m.•13 views

CVE-2024-13521

6.1CVSS0.00151EPSS

Exploits0References2

Vulnrichment•added 2025/01/28 7:21 a.m.•6 views

CVE-2024-13521 MailUp Auto Subscription <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1CVSS5.4AI score0.00151EPSS

Exploits0References2

CVE•added 2025/01/28 7:21 a.m.•48 views

CVE-2024-13521

CVE-2024-13521 affects the MailUp Auto Subscription plugin for WordPress up to version 1.1.0. The issue is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing/incorrect nonce validation in the mas_options function, allowing unauthenticated attackers to update settings and inject m...

6.1CVSS6.7AI score0.00151EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/01/28 7:21 a.m.•11 views

CVE-2024-13521 MailUp Auto Subscription <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1CVSS0.00151EPSS

Exploits0References2

Positive Technologies•added 2025/01/28 12:0 a.m.•1 views

PT-2025-2205 · WordPress · Mailup Auto Subscription

Name of the Vulnerable Software and Affected Versions: MailUp Auto Subscription plugin for WordPress version 1.1.0 and earlier Description: The issue is due to missing or incorrect nonce validation on the mas options function, making it possible for unauthenticated attackers to update settings an...

6.1CVSS9.5AI score0.00151EPSS

Exploits0References9

CNNVD•added 2025/01/28 12:0 a.m.•0 views

WordPress plugin MailUp Auto Subscription 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.1CVSS8.7AI score0.00151EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by