Lucene search
K

189 matches found

OSV
OSV
added 2023/04/07 9:15 a.m.5 views

CVE-2023-25061

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin = 2.7.1.1 versions...

5.4CVSS6.1AI score0.00383EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/07 12:0 a.m.5 views

WordPress plugin Arigato Autoresponder and Newsletter 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS5.9AI score0.00406EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/03/29 12:0 a.m.5 views

WordPress Newsletter Plugin <= 7.6.8 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Type Plugin Vulnerable versions = 7.6.8 Fixed in 7.6.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 78a41f715fc6 Credits Unknown Required privilege...

5.9AI score
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/02/27 12:0 a.m.6 views

WordPress Plugin Arigato Autoresponder and Newsletter 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS5.7AI score0.00465EPSS
Exploits2References2
CNVD
CNVD
added 2022/06/22 12:0 a.m.21 views

WordPress Newsletter plugin cross-site scripting vulnerability (CNVD-2022-57172)

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. cross-site scripting...

4.8CVSS0.8AI score0.00565EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2022/06/21 12:0 a.m.13 views

WordPress Newsletter Plugin < 7.4.6 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

4.8CVSS5.3AI score0.00565EPSS
Exploits2References2
OSV
OSV
added 2022/06/20 11:15 a.m.5 views

CVE-2022-1889

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheadertext setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed...

4.8CVSS5.8AI score0.00565EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/06/20 11:15 a.m.7 views

CVE-2022-1889

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheadertext setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed...

4.8CVSS5.8AI score0.00565EPSS
Exploits2References2
CNVD
CNVD
added 2022/06/15 12:0 a.m.26 views

WordPress Newsletter plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS6AI score0.01785EPSS
Exploits2References1
OSV
OSV
added 2022/06/13 1:15 p.m.6 views

CVE-2022-1756

The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...

6.1CVSS5.8AI score0.01785EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.7 views

CVE-2022-1756

The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...

6.1CVSS5.8AI score0.01785EPSS
Exploits2References3
Prion
Prion
added 2022/06/13 1:15 p.m.18 views

Cross site scripting

The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...

4.3CVSS5.9AI score0.01785EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/06/13 12:42 p.m.25 views

CVE-2022-1756 Newsletter < 7.4.5 - Reflected Cross-Site Scripting

The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...

6.1AI score0.01785EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.30 views

WordPress plugin Newsletter 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS5.7AI score0.01785EPSS
Exploits2References4
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.20 views

Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting

The plugin does not escape and sanitise the preheadertext setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed PoC Go to Newsletters of Newsletter at wordpress admin panel eg...

4.8CVSS0.6AI score0.00565EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/05/23 12:0 a.m.21 views

WordPress Newsletter plugin <= 7.4.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Phyo Win Shein in WordPress Newsletter plugin versions = 7.4.4. Solution Update the WordPress Newsletter plugin to the latest available version at least 7.4.5...

6.1CVSS1.8AI score0.01785EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.8 views

WordPress Superfast Mailgun for the Newsletter plugin plugin < 1.1.6 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Superfast Mailgun for the Newsletter plugin plugin versions 1.1.6. Solution Update the WordPress Superfast Mailgun for the Newsletter plugin plugin to the latest available version at least 1.1.6...

2.4AI score
Exploits0References2Affected Software1
NVD
NVD
added 2022/02/14 12:15 p.m.18 views

CVE-2021-25033

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue...

6.1CVSS0.0267EPSS
Exploits2References2
OSV
OSV
added 2022/02/14 12:15 p.m.4 views

CVE-2021-25033

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue...

6.1CVSS5.8AI score0.0267EPSS
Exploits2References2
OSV
OSV
added 2022/02/14 12:15 p.m.6 views

CVE-2021-24874

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

6.1CVSS6.4AI score0.008EPSS
Exploits2References1
Rows per page
Query Builder