Lucene search
+L

4 matches found

wpvulndb
wpvulndb
added 2023/10/26 12:0 a.m.13 views

Newsletter & Bulk Email Sender <= 2.0.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.004EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/10/25 12:0 a.m.4 views

WordPress Plugin Newsletter & Bulk Email Sender Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Newsletter & Bulk Email...

6.5CVSS5.9AI score0.004EPSS
Exploits0References2
cve
cve
added 2023/10/24 12:24 p.m.77 views

CVE-2023-45829

CVE-2023-45829 is a Stored XSS in the HappyBox Newsletter & Bulk Email Sender WordPress plugin (versions ≤ 2.0.1). Authenticated users with contributor+ permissions can exploit input handling that does not properly validate/escape parameters, enabling stored script execution. Impact per sources i...

6.5CVSS5.6AI score0.004EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2023/10/13 12:0 a.m.15 views

WordPress Newsletter & Bulk Email Sender Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter & Bulk Email Sender Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45829 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 83ca41771be8 Credits thiennv...

6.5CVSS5.8AI score0.004EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder