187 matches found
Wordpress Newsletter 3.2.6 Cross Site Scripting
Wordpress Newsletter Plugin 3.2.6 alert Reflected XSS Vulnerability Vendor: Stefano Lissa Product web page: http://wordpress.org/extend/plugins/newsletter/ Affected version: 3.2.6 and bellow Summary: Newsletter is the perfect WordPress plugin for creating real newsletters and mail marketing syste...
Wordpress Newsletter Plugin 3.2.6 (alert) Reflected XSS Vulnerability
Summary Newsletter is the perfect WordPress plugin for creating real newsletters and mail marketing system on your WordPress blog. Description The plugin suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the 'alert' GET parameter in the 'page.php' script...
CVE-2012-3588
Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the data parameter...
WordPress Newsletter Plugin 1.5 - Remote File Disclosure
WordPress Newsletter plugin is prone to a remote file disclosure vulnerability. It allows an attacker to compromise encrypted login credentials for or retrieve the device's administrator password allowing them to directly access the device's configuration control panel. Solution Update the plugin...
WordPress Plugin OdiHost NewsLetter 1.0 - SQL Injection
WordPress Plugin OdiHost NewsLetter 1.0 - SQL Injection Exploit Title: WordPress OdiHost Newsletter plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- $newsletterid = $GET"id"; ... $wpdb-query"update newsletterstat set newsletterstatopened =...
CVE-2008-4625
SQL injection vulnerability in stnliframe.php in the ShiftThis Newsletter stnewsletter plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683...
WordPress Newsletter Plugin - SQL Injection #2
Because of this vulnerability in shiftthis-preview.php, the attackers can execute arbitrary SQL commands via the "newsletter" parameter. Solution Update the plugin...