59 matches found

Positive Technologies
added 2026/04/02 12:0 a.m. | 2 views

PT-2026-29854

listmonk is a standalone, self-hosted newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allow users in a multi-user environment to access lists which they don't have access to under different scenarios. This only affects multi-use...

CVSS 5.4 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 4
EUVD
added 2026/01/02 8:57 p.m. | 1 views

EUVD-2026-0751

listmonk is a standalone, self-hosted newsletter and mailing list manager. Prior to version 6.0.0, a lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user (Super Admin) views or previews this content, the...

CVSS 6.4 | AI score 5.7 | EPSS 0.00007
Exploits: 1 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2012-6473

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00357
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-6474

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00306
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-6475

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00128
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-27482

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 6.2 | EPSS 0.00027
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 12:14 p.m. | 6 views

CVE-2012-6628

Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyzemcampName to admin/createcampaign.php or (2) admin/editcampaign.php, (3) xyzememail parameter to admin/editemail.ph...

CVSS 4.3 | AI score 6.1 | EPSS 0.00306
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 4:56 a.m. | 6 views

CVE-2012-6629

Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. NOTE: the provenance o...

CVSS 6.8 | AI score 7.4 | EPSS 0.00128
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:29 a.m. | 4 views

CVE-2012-6627

Cross-site scripting (XSS) vulnerability in admin/testmail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter...

CVSS 4.3 | AI score 6 | EPSS 0.00357
Exploits: 1 | References: 1
OSV
added 2023/06/07 2:15 a.m. | 1 views

CVE-2020-36727

The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for...

CVSS 9.8 | AI score 5.8 | EPSS 0.01152
Exploits: 1 | References: 3
Prion
added 2023/06/07 2:15 a.m. | 20 views

Deserialization of untrusted data

The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for...

CVSS 7.5 | AI score 9.3 | EPSS 0.01152
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2023/06/07 1:51 a.m. | 13 views

CVE-2020-36727 Newsletter Manager <= 1.5.1 - Insecure Deserialization

The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for...

CVSS 9.8 | AI score 9.5 | EPSS 0.01152
Exploits: 1 | References: 3
Vulnrichment
added 2023/06/07 1:51 a.m. | 10 views

CVE-2020-36727 Newsletter Manager <= 1.5.1 - Insecure Deserialization

The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for...

CVSS 9.8 | AI score 7.3 | EPSS 0.01152
Exploits: 1 | References: 3
CVE
added 2023/06/07 1:51 a.m. | 28 views

CVE-2020-36727

The CVE-2020-36727 entry describes an insecure deserialization flaw in the Newsletter Manager WordPress plugin (versions up to 1.5.1) caused by unsanitized input via the customFieldsDetails parameter, enabling unauthenticated attackers to inject a serialized PHP object. Documented impact indicate...

CVSS 9.8 | AI score 9.3 | EPSS 0.01152
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2023/06/07 12:0 a.m. | 3 views

WordPress Plugin Newsletter Manager Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 9.8 | AI score 8.4 | EPSS 0.01152
Exploits: 1 | References: 4
Patchstack
added 2020/12/29 12:0 a.m. | 14 views

WordPress Newsletter Manager plugin <= 1.5.1 - Unauthenticated Insecure Deserialisation vulnerability

Unauthenticated Insecure Deserialisation vulnerability found by Jerome Bruander (NinTechNet) in WordPress Newsletter Manager plugin versions <= 1.5.1. Solution 2020-12-31 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of October...

AI score 3.3
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2019/05/21 12:0 a.m. | 11 views

WordPress Newsletter Manager plugin <= 1.4 - Unauthenticated Open Redirect vulnerability

Unauthenticated Open Redirect vulnerability found by posix in WordPress Newsletter Manager plugin versions <= 1.4. Solution 21 May 2019 - This plugin was closed on May 20, 2019 and is no longer available for download...

AI score 3.7
Exploits: 0 | References: 1 | Affected Software: 1
wpexploit
added 2019/05/18 12:0 a.m. | 8 views

Newsletter Manager < 1.5 - Unauthenticated Open Redirect

The plugin used base64-encoded user input in the appurl parameter without validation to redirect users using the PHP header function, leading to an open redirect issue. In the file '/newsletter-manager/confirmation.php': 33: $xyzemurl = base64_decode($_GET['appurl']); ... 179:...

AI score 0.5
Exploits: 0 | References: 1
WPVulnDB
added 2019/05/18 12:0 a.m. | 16 views

Newsletter Manager < 1.5 - Unauthenticated Open Redirect

The plugin used base64-encoded user input in the appurl parameter without validation to redirect users using the PHP header function, leading to an open redirect issue. PoC: In the file '/newsletter-manager/confirmation.php': 33: $xyzemurl = base64_decode($_GET['appurl']); ... 179:...

AI score 0.8
Exploits: 0 | References: 1 | Affected Software: 1
Drupal
added 2015/01/07 12:0 a.m. | 16 views

SA-CONTRIB-2015-003 - PHPlist Integration Module - SQL Injection

The PHPlist Integration module provides an integration between a Drupal website and phpList newsletter manager. The module provides two main features: user sync and sending a node as a newsletter. The module introduces a SQL Injection vulnerability to the phpList database. The Drupal database is...

CVSS 6.5 | AI score 7.4 | EPSS 0.00247
Exploits: 0 | References: 10