CVE-2022-0479

The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack...

CVE-2022-0479

The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack...

CVE-2021-24152

The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting...

CVE-2021-24152

The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting...

CVE-2021-24152

Popup Builder (WordPress plugin) is affected by CVE-2021-24152, a reflected XSS in the All Subscribers setting page. The vulnerability affects versions prior to 3.74, and requires an authenticated attacker to entice a logged-in user to a crafted URL to execute arbitrary scripts in the user’s brow...

WordPress Email Subscribers & Newsletters Plugin Information Disclosure Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers.Email Subscribers & Newsletters plugin is used in one of the push message plugin. An information disclosure vulnerability exists in...

CVE-2018-6015

An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=viewallsubscribers in the body, allows downloading of a CSV data file with all subscriber data...