EUVD-2025-31241

Malicious code in bioql PyPI...

WordPress NewsmanApp plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin NewsmanApp versions = 2.7.7...

CVE-2025-60164 WordPress NewsmanApp plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in NewsMAN NewsmanApp newsmanapp allows Stored XSS.This issue affects NewsmanApp: from n/a through = 2.7.7...

CVE-2025-60164

CVE-2025-60164 describes a CSRF flaw in the WordPress plugin NewsmanApp that enables a Stored XSS vector in versions up to 2.7.7 . The Connected documents identify the affected product and vulnerability type, but there are no details on exploits, exact impact beyond stored XSS, or a patch/recomme...

CVE-2025-60164 WordPress NewsmanApp plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in NewsMAN NewsmanApp newsmanapp allows Stored XSS.This issue affects NewsmanApp: from n/a through = 2.7.7...

WordPress plugin NewsmanApp 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

PT-2025-39606

Name of the Vulnerable Software and Affected Versions NewsmanApp versions through 2.7.7 Description A Cross-Site Request Forgery CSRF issue exists in NewsMAN NewsmanApp, which also allows Stored Cross-Site Scripting XSS. The issue allows for potential malicious actions to be performed on behalf o...

CVE-2024-11767 NewsmanApp <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsmansubscribewidget' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin NewsmanApp 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-17243 · WordPress · Newsmanapp

Name of the Vulnerable Software and Affected Versions: NewsmanApp plugin for WordPress versions up to, and including, 2.7.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'newsman subscribe widget' shortcode due to insufficient input sanitization and output...

WordPress NewsmanApp plugin <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by yudha in WordPress Plugin NewsmanApp versions = 2.7.6...