WordPress Newsletter plugin <= 9.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Newsletter versions = 9.0.9...

EUVD-2020-23516

Malware in sbrugna...

CVE-2020-35933

A Reflected Authenticated Cross-Site Scripting XSS vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpcrender AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing...

CVE-2024-43279 WordPress Newsletters plugin <= 4.9.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.8...

WordPress Newsletter Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Type Plugin Vulnerable versions = 8.3.4 Fixed in 8.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5317 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a76e0f4cc75c Credits Arkadiusz Hydzik Requir...

WordPress ENL Newsletter plugin <= 1.0.1 - Campaign Deletion via CSRF vulnerability

Campaign Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin ENL Newsletter versions = 1.0.1...

WordPress Newsletter Plugin <= 8.2.0 is vulnerable to Bypass Vulnerability

Software Newsletter Type Plugin Vulnerable versions = 8.2.0 Fixed in 8.2.1 OWASP Top 10 A6: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2024-30522 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 3a2b06142955 Credits Mika Required privilege...

WordPress Newsletter Plugin <= 7.6.8 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Type Plugin Vulnerable versions = 7.6.8 Fixed in 7.6.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 78a41f715fc6 Credits Unknown Required privilege...

WordPress plugin Newsletter 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2021-25033

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue...

CVE-2021-25033 Noptin < 1.6.5 - Open Redirect

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue...

WordPress Newsletter Plugin < 6.8.2 Multiple Vulnerabilities

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

Wordpress Newsletter Plugin 3.2.6 (alert) Reflected XSS Vulnerability

Summary Newsletter is the perfect WordPress plugin for creating real newsletters and mail marketing system on your WordPress blog. Description The plugin suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the 'alert' GET parameter in the 'page.php' script...