Lucene search
+L

3 matches found

Patchstack
Patchstack
added 2024/04/08 12:0 a.m.8 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.15 is vulnerable to Cross Site Scripting (XSS)

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.15 Fixed in 5.7.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2656 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a734d5d11361 Credits Peter1...

4.4CVSS5.8AI score0.0035EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/06 3:24 a.m.10 views

CVE-2024-2656 Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and output escapin...

4.4CVSS7.3AI score0.0035EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/06 3:24 a.m.25 views

CVE-2024-2656 Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and output escapin...

4.4CVSS4.5AI score0.0035EPSS
Exploits0References2
Rows per page
Query Builder