104 matches found
WordPress MailerLite plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress MailerLite plugin 1.5.4, which stems...
CVE-2022-1604
The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1604
The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1604 MailerLite < 1.5.4 - Reflected Cross-Site Scripting
The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1604
The CVE-2022-1604 entry concerns the MailerLite WordPress plugin prior to version 1.5.4, which does not sanitize or escape a parameter before echoing it in the page, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. Affected software: MailerLite WordPress plugin (pre-1.5.4). Root cau...
WordPress plugin MailerLite 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress MailerLite plugin 1.5.4, which stems...
WordPress MailerLite – Signup forms plugin <= 1.5.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Utkarsh Agrawal in WordPress MailerLite – Signup forms plugin versions = 1.5.3. Solution Update the WordPress MailerLite – Signup forms plugin to the latest available version at least 1.5.4...
MailerLite < 1.5.4 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC The first digit of the ID must be an existing form ID...
MailerLite < 1.5.4 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting The first digit of the ID must be an existing form ID...
Official MailerLite Sign Up Forms < 1.4.4 - Unauthenticated SQL Injection
Most methods in the MailerLite plugin do not sanitize user input data which causes SQL injection. Also no single method checks for a nonce token which causes a CSRF issue everywhere. PoC One example would be to inject the payload 1 union all select database,2,3,1,5 into the formid GET parameter o...
Official MailerLite Sign Up Forms < 1.4.5 - Multiple CSRF Issues
Despite fixing the SQL injection, the plugin was still affected by CSRF issues, which could allow an attacker to make a logged in administrator edit, add, and delete arbitrary signup form views...
WordPress Official MailerLite Sign Up Forms plugin <= 1.4.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions = 1.4.3. Solution Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version at least 1.4.4...
WordPress Official MailerLite Sign Up Forms plugin <= 1.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery CSRF vulnerabilities found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions = 1.4.4. Solution Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version at least 1.4.5...
Official MailerLite Sign Up Forms < 1.4.4 - Unauthenticated SQL Injection
Most methods in the MailerLite plugin do not sanitize user input data which causes SQL injection. Also no single method checks for a nonce token which causes a CSRF issue everywhere. One example would be to inject the payload 1 union all select database,2,3,1,5 into the formid GET parameter of th...
WordPress Official MailerLite Sign Up Forms plugin <= 1.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery CSRF vulnerabilities found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions = 1.4.4. Solution Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version at least 1.4.5...
WordPress Official MailerLite Sign Up Forms plugin <= 1.4.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions = 1.4.3. Solution Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version at least 1.4.4...
landing.mailerlite.com XSS vulnerability
Open Bug Bounty ID: OBB-699337 Description| Value ---|--- Affected Website:| landing.mailerlite.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
app.mailerlite.com XSS vulnerability
Open Bug Bounty ID: OBB-673777 Description| Value ---|--- Affected Website:| app.mailerlite.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
app.mailerlite.com XSS vulnerability
Open Bug Bounty ID: OBB-620351 Description| Value ---|--- Affected Website:| app.mailerlite.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...