20 matches found
EUVD-2021-11468
Malware in sbrugna...
EUVD-2025-11644
Malicious code in bioql PyPI...
CVE-2021-24556
The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...
CVE-2025-27354
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phil88530 Simple Email Subscriber simple-email-subscriber allows Reflected XSS. This issue affects Simple Email Subscriber: from n/a through <= 2.3...
CVE-2025-27354
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phil88530 Simple Email Subscriber simple-email-subscriber allows Reflected XSS. This issue affects Simple Email Subscriber: from n/a through <= 2.3...
CVE-2025-27354 WordPress Simple Email Subscriber plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phil88530 Simple Email Subscriber simple-email-subscriber allows Reflected XSS. This issue affects Simple Email Subscriber: from n/a through <= 2.3...
CVE-2025-27354
CVE-2025-27354 affects WordPress plugin Simple Email Subscriber (versions n/a–2.3). All connected sources confirm a Cross-Site Scripting (Reflected XSS) flaw arising from improper input neutralization during web page generation. The CVE description states the issue as a Reflected XSS vulnerabilit...
CVE-2025-27354 WordPress Simple Email Subscriber plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phil88530 Simple Email Subscriber simple-email-subscriber allows Reflected XSS. This issue affects Simple Email Subscriber: from n/a through <= 2.3...
PT-2025-17077 · Unknown · Simple Email Subscriber
Name of the Vulnerable Software and Affected Versions: Simple Email Subscriber versions n/a through 2.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...
WordPress plugin Simple Email Subscriber cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Simple Email Subscriber plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by johska in WordPress Plugin Simple Email Subscriber versions <= 2.3...
CVE-2021-24556
The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...
CVE-2021-24556
The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...
Cross site scripting
The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...
CVE-2021-24556
The CVE-2021-24556 entry affects WordPress Email Subscriber plugin versions up to 1.1, where the kento_email_subscriber_ajax action fails to sanitize/validate/escape POST parameters subscribe_email and subscribe_name. This causes stored XSS by injecting unsanitized data into the DB and echoing it...
CVE-2021-24556 Email Subscriber <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...
WordPress Plugin Email Subscriber cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...
Email Subscriber <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
The kento_email_subscriber_ajax AJAX action of the plugin, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...
Email Subscriber <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
The kento_email_subscriber_ajax AJAX action of the plugin, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...
WordPress Email Subscriber plugin <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Shreya Pohekar in WordPress Email Subscriber plugin versions <= 1.1. Solution: This plugin has been closed as of May 19, 2021 and is not available for download. Reason: Security Issue...