Lucene search
K

1664 matches found

Nuclei
Nuclei
added 9 hours ago79 views

Newsletter < 7.4.5 - Cross-Site Scripting

The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...

6.1CVSS6.4AI score0.01785EPSS
Exploits2References4
Nuclei
Nuclei
added 9 hours ago21 views

WordPress Email Newsletter - Reflected XSS

WordPress Email Newsletter plugin through 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to cra...

5.4CVSS7AI score0.00688EPSS
Exploits1References1
Nuclei
Nuclei
added 9 hours ago89 views

Newsletter < 7.6.9 - Cross-Site Scripting

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators id: CVE-2023-27922 info: name: Newsletter 7.6.9 - Cross-Site Scripting author: r3Y3r53 severity: medium...

6.1CVSS6.4AI score0.01198EPSS
Exploits1References4
NVD
NVD
added 2 days ago4 views

CVE-2026-57739

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

9.3CVSS0.00291EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57740

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS0.00226EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57741

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-57741 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-57741

CVE-2026-57741 is a stored XSS vulnerability in the WordPress plugin “AcyMailing SMTP Newsletter” (AcyMailing) up to version 10.11.0. Affected component is the plugin’s web-facing input handling that allows improper neutralization of input during web page generation. The issue permits stored cros...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-57394

The CVE-2026-57394 entry concerns Tribulant Software’s Newsletters plugin (WordPress, newsletters-lite, affected

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57740 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57739 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

9.3CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2026-57739

CVE-2026-57739 affects the WordPress WordPress Plugin AcyMailing SMTP Newsletter (versions up to and including 10.11.0). The vulnerability is an SQL Injection caused by improper neutralization of special elements in an SQL command, allowing blind SQL injection. According to the provided metrics, ...

9.3CVSS6.1AI score0.00291EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2026-57740

CVE-2026-57740 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress AcyMailing Newsletter SMTP Newsletter plugin, affecting versions up to and including 10.11.1. The issue stems from incorrectly configured access control, enabling an attacker with network acces...

7.1CVSS6.1AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57768

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS6.1AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-57769

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42804

The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo formely Sendinblue plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS6.1AI score0.00256EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-15297

The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo formely Sendinblue plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS6.1AI score0.00256EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/07/06 1:52 p.m.6 views

WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by kai63001 in WordPress Plugin AcyMailing SMTP Newsletter versions = 10.11.0...

9.3CVSS6AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 1:45 p.m.4 views

WordPress AcyMailing SMTP Newsletter plugin <= 10.11.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by anhcd05 in WordPress Plugin AcyMailing SMTP Newsletter versions = 10.11.1...

7.1CVSS5.9AI score0.00226EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 1:41 p.m.4 views

WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin AcyMailing SMTP Newsletter versions = 10.11.0...

7.1CVSS5.9AI score0.0018EPSS
Exploits0Affected Software1
Rows per page
Query Builder