3 matches found
WordPress Email Subscribers & Newsletters Plugin <= 5.7.15 is vulnerable to Cross Site Scripting (XSS)
Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.15 Fixed in 5.7.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2656 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a734d5d11361 Credits Peter1...
CVE-2024-2656 Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and output escapin...
CVE-2024-2656 Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and output escapin...