49 matches found
WordPress Newsletter Popup plugin <= 1.2 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Newsletter Popup versions <= 1.2...
WordPress Newsletter Popup plugin <= 1.2 - Subscriber Deletion via CSRF vulnerability
Subscriber Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Newsletter Popup versions <= 1.2...
WordPress Newsletter Popup plugin <= 1.2 - List Deletion via CSRF vulnerability
List Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Newsletter Popup versions <= 1.2...
CVE-2023-0733
The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
CVE-2023-47308
In the module "Newsletter Popup PRO with Voucher/Coupon code" newsletterpop before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription has sensitive SQL calls...
WordPress Newsletter Popup plugin <= 1.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Newsletter Popup versions <= 1.2...
CVE-2024-3643
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack...
CVE-2024-3644
The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2024-3642
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack...
CVE-2024-3641
The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins...
CVE-2024-3642
The CVE-2024-3642 entry concerns the WordPress plugin Newsletter Popup (versions up to 1.2). The core issue is a missing CSRF check when deleting a subscriber, enabling an attacker to coerce a logged-in admin into performing deletion via CSRF. Impact is administrative action without authenticatio...
CVE-2024-3642 Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack...
CVE-2024-3643 Newsletter Popup <= 1.2 - List Deletion via CSRF
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack...
CVE-2024-3641 Newsletter Popup <= 1.2 - Unauthenticated Stored XSS
The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins...
PT-2024-26987 · WordPress · Newsletter Popup
Name of the Vulnerable Software and Affected Versions: The Newsletter Popup WordPress plugin versions prior to 1.3
Description: The issue concerns a lack of CSRF check when deleting a subscriber, which could allow attackers to make logged-in admins perform such an action via a CSRF attack...
PT-2024-26976 · WordPress · Newsletter Popup
Name of the Vulnerable Software and Affected Versions: The Newsletter Popup WordPress plugin versions prior to 1.3
Description: The issue allows unauthenticated visitors to perform Cross-Site Scripting attacks against admins due to the plugin not sanitising and escaping some parameters. This coul...
WordPress Newsletter Popup Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Newsletter Popup; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3644; Patch priority: Low; CVSS severity: Low (5.9); PSID: 7dd3456f2155; Credits: Bob Matyas; Required privile...