10 matches found
CVE-2025-11876
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgunsubscriptionform' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-11876
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgunsubscriptionform' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-11876
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgunsubscriptionform' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
EUVD-2025-203054
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgunsubscriptionform' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-11876 Mailgun Subscriptions <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgunsubscriptionform' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-11876
CVE-2025-11876 concerns the WordPress plugin Mailgun Subscriptions (up to version 1.3.1). The issue is a Stored Cross-Site Scripting (XSS) vulnerability in the plugin’s shortcodes, specifically the mailgun_subscription_form attribute handling, caused by insufficient input sanitization and output ...
CVE-2025-11876 Mailgun Subscriptions <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgunsubscriptionform' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
PT-2025-50898
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgun subscription form' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress plugin Mailgun Subscriptions 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
WordPress Mailgun Subscriptions plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Mailgun Subscriptions versions = 1.3.1...