16 matches found
WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion
WP DSGVO Tools GDPR <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe’, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanentl...
CVE-2026-4283
The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...
CVE-2026-1781
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the _mc4wp_action POST parameter without validation, allowing unauthenticated attackers to force the form to process...
CVE-2026-1781
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the _mc4wp_action POST parameter without validation, allowing unauthenticated attackers to force the form to process...
CVE-2026-1781 MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the _mc4wp_action POST parameter without validation, allowing unauthenticated attackers to force the form to process...
CVE-2026-1781
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the _mc4wp_action POST parameter without validation, allowing unauthenticated attackers to force the form to process...
CVE-2026-1781
CVE-2026-1781 affects the MC4WP: Mailchimp for WordPress plugin for WordPress; vulnerable in all versions up to 4.11.1 due to missing authorization in the form handling, where the plugin trusts the publicly exposed _mc4wp_action POST parameter. This allows unauthenticated attackers to force unsub...
CVE-2026-1051 Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription
The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...
PT-2024-38381 · WordPress · Husky – Products Filter Professional
Name of the Vulnerable Software and Affected Versions: HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to, and including, 1.3.6.1 Description: The issue is related to Insecure Direct Object Reference. It affects the plugin via the woof messenger remove subscr...
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
An issue was discovered in the fp_newsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations...
CVE-2022-47411
An issue was discovered in the fp_newsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations...
PT-2022-28058 · Typo3 · Fp Newsletter
Name of the Vulnerable Software and Affected Versions: fp newsletter extension versions 1.0 through 1.1.0 fp newsletter extension version 1.2.0 fp newsletter extension versions 2.0 through 2.1.1 fp newsletter extension versions 2.2.1 through 2.4.0 fp newsletter extension versions 3.0 through 3.2....
TYPO3 security vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 fp_newsletter, which stems from the fact that its subscriber's data can be obtained via an unsubscribeAction operation...
PT-2022-28062 · Typo3 · Fp Newsletter
Name of the Vulnerable Software and Affected Versions: fp newsletter extension versions 1.0 through 1.1.0 fp newsletter extension version 1.2.0 fp newsletter extension versions 2.0 through 2.1.1 fp newsletter extension versions 2.2.1 through 2.4.0 fp newsletter extension versions 3.0 through 3.2....
CVE-2014-9254
bbfuncunsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to index.php...
SQL injection
bbfuncunsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to index.php...