54 matches found
WordPress SendPress Newsletters plugin <= 1.23.11.6 - Admin+ Stored XSS via Settings vulnerability
Admin+ Stored XSS via Settings vulnerability discovered by Manab Jyoti Dowarah in WordPress Plugin SendPress Newsletters versions = 1.23.11.6...
WordPress SendPress Newsletters plugin <= 1.23.11.6 - Admin+ Stored XSS via Form Settings vulnerability
Admin+ Stored XSS via Form Settings vulnerability discovered by Manab Jyoti Dowarah in WordPress Plugin SendPress Newsletters versions = 1.23.11.6...
EUVD-2023-46221
Malicious code in bioql PyPI...
EUVD-2023-39077
Malicious code in bioql PyPI...
EUVD-2023-46222
Malicious code in bioql PyPI...
CVE-2023-47517
Unauth. Reflected Cross-Site Scripting XSS vulnerability in SendPress Newsletters plugin = 1.23.11.6 versions...
CVE-2023-41729
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SendPress Newsletters plugin = 1.22.3.31 versions...
CVE-2023-41730
Cross-Site Request Forgery CSRF vulnerability in SendPress Newsletters plugin = 1.22.3.31 versions...
CVE-2023-35040
Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6...
CVE-2023-35040
Missing Authorization vulnerability in brewlabs SendPress Newsletters sendpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SendPress Newsletters: from n/a through = 1.26.1.20...
CVE-2023-35040 WordPress SendPress Newsletters plugin <= 1.26.1.20 - Broken Access Control vulnerability
Missing Authorization vulnerability in brewlabs SendPress Newsletters sendpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SendPress Newsletters: from n/a through = 1.26.1.20...
CVE-2023-35040
CVE-2023-35040 affects WordPress plugin SendPress Newsletters (versions up to and including 1.23.11.6). The issue is described as a Missing Authorization / Broken Access Control vulnerability in SendPress Newsletters, with unauthenticated access potentially allowed due to insufficient authorizati...
CVE-2023-35040 WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6...
CVE-2023-35040 WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6...
WordPress plugin SendPress Newsletters Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-1589
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1589 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1588 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1589 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1588 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...