Lucene search
+L

637 matches found

nuclei
nuclei
added yesterday37 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8CVSS7AI score0.04184EPSS
Exploits3References2
nuclei
nuclei
added yesterday12 views

WordPress Newsletters <= 4.13 - Unauthenticated SQL Injection

Newsletters WordPress plugin = 4.13 contains a time-based SQL injection caused by insufficient escaping of the 'wpmlsubscriberid' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-3018 info: name: WordPress Newsletters = 4.13 - Unauthenticated SQL...

7.5CVSS6.1AI score0.01382EPSS
Exploits0References2
nvd
nvd
added 2 days ago5 views

CVE-2026-12583

The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, via a property-oriented gadget chain bundled with the Newsletters WordPress plugin before 4.15, wri...

8.1CVSS0.00326EPSS
Exploits0References1
euvd
euvd
added 2 days ago5 views

EUVD-2026-43627

The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, via a property-oriented gadget chain bundled with the Newsletters WordPress plugin before 4.15, wri...

8.1CVSS6.4AI score0.00326EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago27 views

CVE-2026-12583 Newsletters < 4.15 - Unauthenticated PHP Object Injection via Subscriber Custom Field

The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, via a property-oriented gadget chain bundled with the Newsletters WordPress plugin before 4.15, wri...

0.00326EPSS
Exploits0References1
attackerkb
attackerkb
added 2 days ago3 views

CVE-2026-12583

The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, via a property-oriented gadget chain bundled with the Newsletters WordPress plugin before 4.15, wri...

8.1CVSS6.4AI score0.00326EPSS
Exploits0References1
cve
cve
added 2 days ago17 views

CVE-2026-12583

Summary: The Newsletters WordPress plugin before 4.15 is vulnerable to unauthenticated PHP object injection via a subscriber custom field. Deserialization of untrusted input stored through a public form enables an attacker to write arbitrary files and execute code on the server via a gadget chain...

8.1CVSS6.4AI score0.00326EPSS
Exploits0References1
nvd
nvd
added 3 days ago3 views

CVE-2026-57394

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through = 4.14...

7.1CVSS0.0018EPSS
Exploits0References1
cve
cve
added 3 days ago10 views

CVE-2026-57394

The CVE-2026-57394 entry concerns Tribulant Software’s Newsletters plugin (WordPress, newsletters-lite, affected

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago24 views

CVE-2026-57394 WordPress Newsletters plugin <= 4.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through = 4.14...

7.1CVSS0.0018EPSS
Exploits0References1
ptsecurity
ptsecurity
added 3 days ago7 views

PT-2026-57706

Name of the Vulnerable Software and Affected Versions Tribulant Software Newsletters newsletters-lite versions prior to 4.15 Description Improper neutralization of input during web page generation leads to a Reflected Cross-site Scripting XSS issue. This occurs when an application includes...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References3
patchstack
patchstack
added 2026/07/08 9:22 a.m.5 views

WordPress Newsletters plugin <= 4.14 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dutafi in WordPress Plugin Newsletters versions = 4.14...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
cvelist
cvelist
added 2026/07/02 5:35 a.m.40 views

CVE-2026-11592 Email Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX Action

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3CVSS0.00272EPSS
Exploits0References12
cve
cve
added 2026/07/02 5:35 a.m.18 views

CVE-2026-11592

The CVE-2026-11592 entry concerns the WordPress plugin Email Subscribers & Newsletters (formerly “Email Marketing, Post Notifications & Newsletter”). It describes an authorization bypass vulnerability affecting all versions up to and including 5.9.27. The root cause is that the plugin fails to ve...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References12
patchstack
patchstack
added 2026/07/01 8:5 p.m.6 views

WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.8 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions = 4.5.8...

6.5CVSS5.8AI score0.00441EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/07/01 5:17 p.m.5 views

WordPress Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification vulnerability

Missing Authorization to Authenticated Contributor+ Settings Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Email Subscribers & Newsletters versions = 5.9.27...

4.3CVSS5.8AI score0.00272EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57645

newsletterssubscribers Broken Access Control in Newsletters = 4.13 versions...

8.1CVSS0.00189EPSS
Exploits0References1
nvd
nvd
added 2026/06/26 3:16 p.m.7 views

CVE-2026-54840

Unauthenticated Broken Access Control in Newsletters = 4.13 versions...

7.3CVSS0.00213EPSS
Exploits0References1
cve
cve
added 2026/06/26 2:53 p.m.16 views

CVE-2026-57645

CVE-2026-57645 affects the WordPress Newsletters plugin (versions

8.1CVSS5.8AI score0.00189EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 2:53 p.m.30 views

CVE-2026-57645 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

newsletterssubscribers Broken Access Control in Newsletters = 4.13 versions...

8.1CVSS0.00189EPSS
Exploits0References1
Rows per page
Query Builder