Lucene search
K

187 matches found

Packet Storm
Packet Storm
added 2013/05/14 12:0 a.m.24 views

Wordpress Newsletter 3.2.6 Cross Site Scripting

Wordpress Newsletter Plugin 3.2.6 alert Reflected XSS Vulnerability Vendor: Stefano Lissa Product web page: http://wordpress.org/extend/plugins/newsletter/ Affected version: 3.2.6 and bellow Summary: Newsletter is the perfect WordPress plugin for creating real newsletters and mail marketing syste...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2013/05/14 12:0 a.m.30 views

Wordpress Newsletter Plugin 3.2.6 (alert) Reflected XSS Vulnerability

Summary Newsletter is the perfect WordPress plugin for creating real newsletters and mail marketing system on your WordPress blog. Description The plugin suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the 'alert' GET parameter in the 'page.php' script...

6.1AI score
Exploits0
Cvelist
Cvelist
added 2012/06/19 8:0 p.m.20 views

CVE-2012-3588

Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the data parameter...

6.7AI score0.10703EPSS
Exploits1References4
Patchstack
Patchstack
added 2012/06/08 12:0 a.m.18 views

WordPress Newsletter Plugin 1.5 - Remote File Disclosure

WordPress Newsletter plugin is prone to a remote file disclosure vulnerability. It allows an attacker to compromise encrypted login credentials for or retrieve the device's administrator password allowing them to directly access the device's configuration control panel. Solution Update the plugin...

5CVSS3.9AI score0.10703EPSS
Exploits1References1Affected Software1
exploitpack
exploitpack
added 2011/08/17 12:0 a.m.11 views

WordPress Plugin OdiHost NewsLetter 1.0 - SQL Injection

WordPress Plugin OdiHost NewsLetter 1.0 - SQL Injection Exploit Title: WordPress OdiHost Newsletter plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- $newsletterid = $GET"id"; ... $wpdb-query"update newsletterstat set newsletterstatopened =...

0.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2008/10/21 1:18 a.m.1 views

CVE-2008-4625

SQL injection vulnerability in stnliframe.php in the ShiftThis Newsletter stnewsletter plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683...

7.5CVSS6.4AI score0.02726EPSS
Exploits2References6
Patchstack
Patchstack
added 2008/02/11 12:0 a.m.16 views

WordPress Newsletter Plugin - SQL Injection #2

Because of this vulnerability in shiftthis-preview.php, the attackers can execute arbitrary SQL commands via the "newsletter" parameter. Solution Update the plugin...

7.5CVSS6.4AI score0.02555EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder