Lucene search
+L

104 matches found

CNVD
CNVD
added 2022/06/15 12:0 a.m.27 views

WordPress MailerLite plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress MailerLite plugin 1.5.4, which stems...

4.3CVSS2.2AI score0.00815EPSS
Exploits2Affected Software1
NVD
NVD
added 2022/06/13 1:15 p.m.12 views

CVE-2022-1604

The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.00815EPSS
Exploits2References1
OSV
OSV
added 2022/06/13 1:15 p.m.6 views

CVE-2022-1604

The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.00815EPSS
Exploits2References1
Prion
Prion
added 2022/06/13 1:15 p.m.13 views

Cross site scripting

The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

4.3CVSS6AI score0.00815EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/06/13 12:42 p.m.18 views

CVE-2022-1604 MailerLite < 1.5.4 - Reflected Cross-Site Scripting

The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.2AI score0.00815EPSS
Exploits2References1
CVE
CVE
added 2022/06/13 12:42 p.m.68 views

CVE-2022-1604

The CVE-2022-1604 entry concerns the MailerLite WordPress plugin prior to version 1.5.4, which does not sanitize or escape a parameter before echoing it in the page, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. Affected software: MailerLite WordPress plugin (pre-1.5.4). Root cau...

6.1CVSS6AI score0.00815EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.5 views

WordPress plugin MailerLite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress MailerLite plugin 1.5.4, which stems...

6.1CVSS5.7AI score0.00815EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/05/18 12:0 a.m.25 views

WordPress MailerLite – Signup forms plugin <= 1.5.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Utkarsh Agrawal in WordPress MailerLite – Signup forms plugin versions = 1.5.3. Solution Update the WordPress MailerLite – Signup forms plugin to the latest available version at least 1.5.4...

6.1CVSS1.8AI score0.00815EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/18 12:0 a.m.21 views

MailerLite < 1.5.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC The first digit of the ID must be an existing form ID...

6.1CVSS0.4AI score0.00815EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.104 views

MailerLite < 1.5.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting The first digit of the ID must be an existing form ID...

6.1CVSS0.3AI score0.00815EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2020/05/25 12:0 a.m.18 views

Official MailerLite Sign Up Forms < 1.4.4 - Unauthenticated SQL Injection

Most methods in the MailerLite plugin do not sanitize user input data which causes SQL injection. Also no single method checks for a nonce token which causes a CSRF issue everywhere. PoC One example would be to inject the payload 1 union all select database,2,3,1,5 into the formid GET parameter o...

2.4AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/25 12:0 a.m.16 views

Official MailerLite Sign Up Forms < 1.4.5 - Multiple CSRF Issues

Despite fixing the SQL injection, the plugin was still affected by CSRF issues, which could allow an attacker to make a logged in administrator edit, add, and delete arbitrary signup form views...

3.7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2020/05/25 12:0 a.m.10 views

WordPress Official MailerLite Sign Up Forms plugin <= 1.4.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions = 1.4.3. Solution Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version at least 1.4.4...

3.9AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/05/25 12:0 a.m.7 views

WordPress Official MailerLite Sign Up Forms plugin <= 1.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions = 1.4.4. Solution Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version at least 1.4.5...

3.7AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2020/05/25 12:0 a.m.64 views

Official MailerLite Sign Up Forms < 1.4.4 - Unauthenticated SQL Injection

Most methods in the MailerLite plugin do not sanitize user input data which causes SQL injection. Also no single method checks for a nonce token which causes a CSRF issue everywhere. One example would be to inject the payload 1 union all select database,2,3,1,5 into the formid GET parameter of th...

0.8AI score
Exploits0References1
Patchstack
Patchstack
added 2020/05/25 12:0 a.m.7 views

WordPress Official MailerLite Sign Up Forms plugin <= 1.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions = 1.4.4. Solution Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version at least 1.4.5...

3.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/05/25 12:0 a.m.24 views

WordPress Official MailerLite Sign Up Forms plugin <= 1.4.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions = 1.4.3. Solution Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version at least 1.4.4...

3.9AI score
Exploits0References2Affected Software1
Openbugbounty
Openbugbounty
added 2018/11/18 6:13 p.m.7 views

landing.mailerlite.com XSS vulnerability

Open Bug Bounty ID: OBB-699337 Description| Value ---|--- Affected Website:| landing.mailerlite.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Openbugbounty
Openbugbounty
added 2018/09/06 3:15 p.m.7 views

app.mailerlite.com XSS vulnerability

Open Bug Bounty ID: OBB-673777 Description| Value ---|--- Affected Website:| app.mailerlite.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Openbugbounty
Openbugbounty
added 2018/05/22 4:15 p.m.15 views

app.mailerlite.com XSS vulnerability

Open Bug Bounty ID: OBB-620351 Description| Value ---|--- Affected Website:| app.mailerlite.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Rows per page
Query Builder