EUVD-2015-9249

Malware in sbrugna...

CVE-2015-9409

The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php...

WordPress alo-easymail plugin has an unspecified vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. alo-easymail is used in one of the news subscription plug-ins that support multiple languages. A cross-site request forgery...

CVE-2015-9409

The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php...

CVE-2015-9409

The CVE covers the WordPress alo-easymail plugin prior to 2.6.01, where CSRF leads to a resultant XSS in pages/alo-easymail-admin-options.php. Affected software: alo-easymail plugin (WordPress). Underlying issue: CSRF allowing XSS on the admin options page. Impact as stated: cross-site scripting ...

CVE-2015-9409

The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php...

WordPress ALO EasyMail Newsletter plugin <= 2.8.1 - Reflected Cross-Site Scripting (XSS) Vulnerability

Reflected Cross-Site Scripting XSS Vulnerability was found in WordPress ALO EasyMail Newsletter plugin in version 2.8.1. The file /alo-easymail-admin-subscribers.php outputs 'sortby' variable without escaping it. Solution Update the plugin...

WordPress ALO EasyMail Newsletter 2.9.2 Cross Site Request Forgery

------------------------------------------------------------------------ Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016...

WordPress ALO EasyMail NewsLetter 2.9.2 Plugin - Cross-Site Request Forgery (Add/Import Arbitrary Su

Exploit for php platform in category web applications Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Contact For feedback or questions about this advisory mail us at sumofpwn at securify.nl The Summer of Pwnage This issue has been found during the Summer of Pwnage hacker...

WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery (AddImport Arbitrary Subscribers)

WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery AddImport Arbitrary Subscribers Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Contact For feedback or questions about this advisory mail us at sumofpwn at securify.nl The Summer of Pwnage This iss...

WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery (Add/Import Arbitrary Subscribers)

Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Contact For feedback or questions about this advisory mail us at sumofpwn at securify.nl The Summer of Pwnage This issue has been found during the Summer of Pwnage hacker event, running from July 1-29. A community summer event...

WordPress ALO EasyMail NewsLetter Plugin 2.9.2 - CSRF

ALO EasyMail NewsLetter Plugin prior to 2.9.3 is prone to a cross-site request forgery CSRF. It allows remote attackers to add/import arbitrary subscribers. Solution Update ALO EasyMail NewsLetter plugin to 2.9.3 version...

WordPress ALO EasyMail Newsletter Plugin Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their weblogs on servers that support PHP and MySQL databases. A cross-site request forgery CSRF vulnerability exists in the WordPress ALO EasyMail Newsletter plugin version 2.6.01. A remote attacker can...

WordPress ALO EasyMail Newsletter Plugin <= 12.6.00 - Multiple Vulnerabilities

This plugin is prone to a cross site scripting and cross site request forgery vulnerabilities. Solution Update the plugin...

WordPress Plugin ALO EasyMail NewsLetter 2.6.01 - Cross-Site Request Forgery

WordPress Plugin ALO EasyMail NewsLetter 2.6.01 - Cross-Site Request Forgery Exploit Title: Wordpress ALO EasyMail Newsletter plugin cross-site request forgery vulnerability Software Link: https://wordpress.org/plugins/alo-easymail/ Affected Version: 2.6.01 Exploit Author: Mohsen Lotfi Contact:...

WordPress ALO EasyMail Newsletter 2.6.01 CSRF

Exploit Title: Wordpress ALO EasyMail Newsletter plugin cross-site request forgery vulnerability Software Link: https://wordpress.org/plugins/alo-easymail/ Affected Version: 2.6.01 Exploit Author: Mohsen Lotfi Contact: [email protected] Twitter: foxonefoxone Date: 01-16-2016 1. Descripti...

ALO EasyMail Newsletter <= 2.6.01 - Cross-Site Request Forgery (CSRF)

The ALO EasyMail Newsletter WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

WordPress ALO EasyMail Newsletter Plugin 2.6.01 - CSRF

ALO EasyMail Newsletter plugin is prone to a cross-site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution Update the plugin...

WordPress ALO EasyMail NewsLetter 2.6.01 Plugin - Cross-Site Request Forgery

Exploit for php platform in category web applications Exploit Title: Wordpress ALO EasyMail Newsletter plugin cross-site request forgery vulnerability Software Link: https://wordpress.org/plugins/alo-easymail/ Affected Version: 2.6.01 Exploit Author: Mohsen Lotfi Contact: email protected Twitter:...

WordPress Plugin ALO EasyMail NewsLetter 2.6.01 - Cross-Site Request Forgery

Exploit Title: Wordpress ALO EasyMail Newsletter plugin cross-site request forgery vulnerability Software Link: https://wordpress.org/plugins/alo-easymail/ Affected Version: 2.6.01 Exploit Author: Mohsen Lotfi Contact: [email protected] Twitter: foxonefoxone Date: 01-16-2016 1. Descripti...