34 matches found
CVE-2025-66128
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendinblue for WooCommerce: from n/a through <= 4.0.49...
CVE-2025-66128 WordPress Sendinblue for WooCommerce plugin <= 4.0.49 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendinblue for WooCommerce: from n/a through <= 4.0.49...
PT-2025-51416
Name of the Vulnerable Software and Affected Versions: Brevo Sendinblue for WooCommerce versions through 4.0.49. Description: An authorization issue exists in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription, allowing exploitation of incorrectly configured access contr...
EUVD-2021-0883
Malware in sbrugna...
EUVD-2022-7614
Malicious code in bioql PyPI...
EUVD-2024-40794
Malicious code in bioql PyPI...
CVE-2025-48308 WordPress Newsletter subscription optin module plugin <= 1.2.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newsletter subscription optin module newsletter-subscription-widget-for-sendblaster allows Stored XSS. This issue affects Newsletter subscription optin module: from n/a through <= 1.2.9...
CVE-2024-33944
Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription. This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2...
CVE-2022-44005
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail...
CVE-2024-44012
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription wp-newsletter-subscription allows PHP Local File Inclusion. This issue affects WP Newsletter Subscription: from n/a through <= 1.1...
CVE-2024-44012
CVE-2024-44012 is a Local File Inclusion (path traversal) vulnerability in the WP Newsletter Subscription plugin for WordPress, affecting versions n/a through 1.1. The issue stems from improper restriction of pathnames, enabling PHP Local File Inclusion. Public sources in connected docs confirm t...
WordPress plugin WP Newsletter Subscription path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
WordPress WP Newsletter Subscription plugin <= 1.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by tahu.datar (Patchstack Alliance) in WordPress Plugin WP Newsletter Subscription (versions <= 1.1)...
WordPress WP Newsletter Subscription Plugin <= 1.1 is vulnerable to Local File Inclusion
Software: WP Newsletter Subscription; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-44012; Patch priority: High; CVSS severity: High (7.5); PSID: 47db4abe89e4; Credits: tahu.datar; Required privilege...
CVE-2024-33944
CVE-2024-33944 is a Missing Authorization vulnerability affecting the WooCommerce AWeber Newsletter Subscription plugin for WordPress, with affected range up to version 4.0.2. The connected RH/Red Hat entry reiterates the Missing Authorization issue for this product. Public details in the provide...
CVE-2024-33944 WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability
Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription. This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2...
WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability
Unauthenticated Access Token Change/Reset vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WooCommerce AWeber Newsletter Subscription (versions <= 4.0.2)...