CVE-2025-23879

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PillarDev Easy Automatic Newsletter Lite easy-automatic-newsletter allows Reflected XSS.This issue affects Easy Automatic Newsletter Lite: from n/a through = 3.2.0...

EUVD-2025-205724

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through = 4.12...

EUVD-2025-5676

Malicious code in bioql PyPI...

CVE-2025-23879

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PillarDev Easy Automatic Newsletter Lite easy-automatic-newsletter allows Reflected XSS.This issue affects Easy Automatic Newsletter Lite: from n/a through = 3.2.0...

CVE-2025-23879

CVE-2025-23879 affects the WordPress plugin Easy Automatic Newsletter Lite (PillarDev)

CVE-2025-23879 WordPress Easy Automatic Newsletter Lite Plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PillarDev Easy Automatic Newsletter Lite easy-automatic-newsletter allows Reflected XSS.This issue affects Easy Automatic Newsletter Lite: from n/a through = 3.2.0...

WordPress plugin Easy Automatic Newsletter Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress Easy Automatic Newsletter Lite Plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Easy Automatic Newsletter Lite versions = 3.2.0...

WordPress Newsletter Lite plugin <= 4.6.16 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability found in WordPress Newsletter Lite plugin versions = 4.6.16. Solution Update the WordPress Newsletter Lite plugin to the latest available version at least 4.6.18...

Newsletter Lite < 4.6.19 - Multiple Issues

- Lack of CSRF, Authorisation and sanitisation checks in the ajaxloadneweditor function, registered as an AJAX method, can lead to an authenticated reflected XSS issue. - Authenticated Directory Traversal leading to RCE PoC XSS: As an authenticated user with a role as low as a Subscriber, open...

Newsletter Lite < 4.6.19 - Multiple Issues

- Lack of CSRF, Authorisation and sanitisation checks in the ajaxloadneweditor function, registered as an AJAX method, can lead to an authenticated reflected XSS issue. - Authenticated Directory Traversal leading to RCE XSS: As an authenticated user with a role as low as a Subscriber, open...

CVE-2009-2602

R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb...