WordPress Newsletter Popup plugin <= 1.2 - List Deletion via CSRF vulnerability

List Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Newsletter Popup versions = 1.2...

WordPress Newsletter - Send awesome emails from WordPress plugin <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription vulnerability

WordPress Newsletter - Send awesome emails from WordPress plugin = 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription vulnerability discovered by WordFence in WordPress Plugin Newsletter versions = 9.1.0...

CVE-2025-14904 Newsletter Email Subscribe <= 2.4 - Cross-Site Request Forgery to Plugin Settings Update

The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...

CVE-2025-67999

Technical details for CVE-2025-67999 are not provided in the supplied documents. Monitor for updates; the materials do not specify affected product versions, impact, or remediation.

WordPress Newsletter plugin <= 9.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Newsletter versions = 9.0.9...

EUVD-2020-23516

Malware in sbrugna...

CVE-2020-35933

A Reflected Authenticated Cross-Site Scripting XSS vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpcrender AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing...

WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue Plugin <= 3.1.87 is vulnerable to Cross Site Request Forgery (CSRF)

Software Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue Type Plugin Vulnerable versions = 3.1.87 Fixed in 3.1.88 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8477 Patch priority Low CVSS severity Low 4.3 Developer Claim...

CVE-2024-43279 WordPress Newsletters plugin <= 4.9.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.8...

WordPress Newsletter plugin <= 8.3.4 - Unauthenticated Stored Cross-Site Scripting via np1 vulnerability

Unauthenticated Stored Cross-Site Scripting via np1 vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Newsletter versions = 8.3.4...

WordPress Newsletter Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Type Plugin Vulnerable versions = 8.3.4 Fixed in 8.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5317 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a76e0f4cc75c Credits Arkadiusz Hydzik Requir...

WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue Plugin <= 3.1.77 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue Type Plugin Vulnerable versions = 3.1.77 Fixed in 3.1.78 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35668 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress Newsletter Popup Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Popup Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3644 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7dd3456f2155 Credits Bob Matyas Required privile...

WordPress ENL Newsletter plugin <= 1.0.1 - Campaign Deletion via CSRF vulnerability

Campaign Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin ENL Newsletter versions = 1.0.1...

WordPress Newsletter Plugin <= 8.2.0 is vulnerable to Bypass Vulnerability

Software Newsletter Type Plugin Vulnerable versions = 8.2.0 Fixed in 8.2.1 OWASP Top 10 A6: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2024-30522 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 3a2b06142955 Credits Mika Required privilege...

WordPress Newsletter & Bulk Email Sender Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter & Bulk Email Sender Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45829 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 83ca41771be8 Credits thiennv...

WordPress plugin Newsletter Popup 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

WordPress Newsletter Popup Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Popup Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0733 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 3312adcb21e4 Credits Lana Codes Required...

WordPress Newsletter Popup Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Newsletter Popup Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0766 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5cf141768871 Credits Lana Codes Required...

WordPress Newsletter Plugin <= 7.6.8 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Type Plugin Vulnerable versions = 7.6.8 Fixed in 7.6.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 78a41f715fc6 Credits Unknown Required privilege...