10 matches found
WordPress HUSKY plugin <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe vulnerability
Insecure Direct Object Reference to Unsubscribe vulnerability discovered by shaman0x01 in WordPress Plugin HUSKY versions <= 1.3.6.1...
CVE-2023-1430
The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to...
CVE-2022-47409
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations...
PT-2022-28059 · Typo3 · Fp Newsletter
Name of the Vulnerable Software and Affected Versions: fp newsletter extension versions prior to 1.1.1; fp newsletter extension version 1.2.0; fp newsletter extension versions 2.x prior to 2.1.2; fp newsletter extension versions 2.2.1 through 2.4.0; fp newsletter extension versions 3.x prior to 3.2.6...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 fpnewsletter, which stems from the fact that an attacker can unsubscribe everyone via a series of modified subscription uids in a deleteAction...
CVE-2021-40347
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...
PYSEC-2021-319
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...
CVE-2021-40347
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...
WordPress Arigato Autoresponder and Newsletter Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers. Arigato Autoresponder and Newsletter is an autoresponder plugin used in... A cross-site scripting vulnerability exists in the...
apps.startribune.com XSS vulnerability
Vulnerable URL: http://apps.startribune.com/ipad/alerts/unsubscribe.php?email=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Patched: Yes, at 29.11.2017; Latest check for patch: 29.11.2017 19:39 GMT; Vulnerability type: XSS; Vulnerability status: Publicly...