189 matches found
CVE-2023-25061
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin = 2.7.1.1 versions...
WordPress plugin Arigato Autoresponder and Newsletter 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Newsletter Plugin <= 7.6.8 is vulnerable to Cross Site Scripting (XSS)
Software Newsletter Type Plugin Vulnerable versions = 7.6.8 Fixed in 7.6.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 78a41f715fc6 Credits Unknown Required privilege...
WordPress Plugin Arigato Autoresponder and Newsletter 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Newsletter plugin cross-site scripting vulnerability (CNVD-2022-57172)
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. cross-site scripting...
WordPress Newsletter Plugin < 7.4.6 XSS Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2022-1889
The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheadertext setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed...
CVE-2022-1889
The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheadertext setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed...
WordPress Newsletter plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-1756
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...
CVE-2022-1756
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...
Cross site scripting
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...
CVE-2022-1756 Newsletter < 7.4.5 - Reflected Cross-Site Scripting
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...
WordPress plugin Newsletter 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting
The plugin does not escape and sanitise the preheadertext setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed PoC Go to Newsletters of Newsletter at wordpress admin panel eg...
WordPress Newsletter plugin <= 7.4.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Phyo Win Shein in WordPress Newsletter plugin versions = 7.4.4. Solution Update the WordPress Newsletter plugin to the latest available version at least 7.4.5...
WordPress Superfast Mailgun for the Newsletter plugin plugin < 1.1.6 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Superfast Mailgun for the Newsletter plugin plugin versions 1.1.6. Solution Update the WordPress Superfast Mailgun for the Newsletter plugin plugin to the latest available version at least 1.1.6...
CVE-2021-25033
The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue...
CVE-2021-25033
The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue...
CVE-2021-24874
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...