134 matches found
CVE-2025-10638
CVE-2025-10638 affects the NS Maintenance Mode for WP WordPress plugin (versions up to 1.3.1). The vulnerability enables unauthenticated attackers to access the subscriber export function and download a list of site subscribers, including their names and email addresses. The linked documents conf...
WordPress plugin NS Maintenance Mode for WP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...
EUVD-2022-50174
Malicious code in bioql PyPI...
Researchers Link New SS7 Encoding Attack to Surveillance Vendor Activity
Researchers identify a new SS7 encoding attack used by a surveillance vendor to bypass security and access mobile subscriber data without detection...
CVE-2022-47410
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations...
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24)
We hear terms like "state-sponsored attacks" and "critical vulnerabilities" all the time, but what's really going on behind those words? This week's cybersecurity news isn't just about hackers and headlines—it's about how digital risks shape our lives in ways we might not even realize. For...
Exploit for CVE-2024-2876
CVE-2024-2876 - SQL Injection Vulnerability in Email Subscribe...
CVE-2024-2541
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via...
WordPress Leopard plugin <= 2.0.36 - Subscriber+ Sensitive Data Exposure vulnerability
Subscriber+ Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Leopard - WordPress offload media versions = 2.0.36...
CVE-2023-6922
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acxcsmasubscribeajax' function. This can allow authenticated attackers to extract sensitive data such as names and email...
CVE-2023-39974
Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list...
Nokia OneNDS 权限许可和访问控制问题漏洞
Nokia OneNDS is a web directory server from Nokia, Finland. It is a core element of the Subscriber Data Management SDM solution. A vulnerability in Nokia OneNDS 17r2 exists in the form of a privilege permission and access control issue vulnerability that stems from incorrect privilege management...
Nokia OneNDS 权限许可和访问控制问题漏洞
Nokia OneNDS is a web directory server from Nokia, Finland. It is a core element of the Subscriber Data Management SDM solution. A privilege permission and access control issue vulnerability exists in Nokia OneNDS version 20.9, which stems from an error in the security configuration and can be...
GHSA-VXMC-QG5X-PVFX "Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations...
GHSA-R44W-PFX8-28JV "Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations...
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations...
Design/Logic Flaw
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations...
TYPO3 安全漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 fpnewsletter, which stems from the fact that its subscriber's data can be obtained via an unsubscribeAction operation...
CVE-2022-47411
The CVE-2022-47411 flaw affects the TYPO3 fp_newsletter extension and allows exposure of subscriber data via unsubscribeAction. Affected versions include 1.0–1.1.0, 1.2.0, 2.0–2.1.1, 2.2.1–2.4.0, and 3.0–3.2.5. Remediation paths per PT-Security: upgrade to 1.1.1 (or later) for 1.x; to 2.1.2 (or l...
CVE-2022-47410
The CVE-2022-47410 entry affects the TYPO3 fp_newsletter (Newsletter subscriber management) extension. The reported issue is that data about subscribers may be obtained via createAction operations, with vulnerable versions including before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1–2.4.0, and 3.x befo...