Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

24 matches found

RedhatCVE
RedhatCVEadded 2026/01/09 10:11 a.m.3 views

CVE-2019-11843

The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...

6.1CVSS6.9AI score0.00454EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2014-3844

Malware in sbrugna...

6.8CVSS6.4AI score0.00102EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2019-3503

Malware in sbrugna...

6.1CVSS6.2AI score0.00454EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-15320

Malicious code in bioql PyPI...

4.8CVSS5.3AI score0.00166EPSS
Exploits1References3
RedhatCVE
RedhatCVEadded 2025/05/22 12:31 a.m.7 views

CVE-2014-125104

A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protectaioseoajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. Th...

9.8CVSS7AI score0.00478EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/17 9:4 p.m.4 views

CVE-2024-12743

The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00166EPSS
Exploits1References1
OSV
OSVadded 2025/05/15 8:15 p.m.2 views

CVE-2024-12743

The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score
Exploits0References1
CVE
CVEadded 2025/05/15 8:6 p.m.28 views

CVE-2024-12743

CVE-2024-12743 affects the MailPoet WordPress plugin (versions before 5.5.2). The root cause is that certain settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (notably in multisite setups). Exploitation...

4.8CVSS5.7AI score0.00166EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2025/05/15 8:6 p.m.5 views

CVE-2024-12743 MailPoet < 5.5.2 - Admin+ Stored XSS

The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00166EPSS
Exploits1References1
Cvelist
Cvelistadded 2025/05/15 8:6 p.m.11 views

CVE-2024-12743 MailPoet < 5.5.2 - Admin+ Stored XSS

The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00166EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2025/05/15 12:0 a.m.3 views

PT-2025-21440 · WordPress · Mailpoet

Name of the Vulnerable Software and Affected Versions: MailPoet WordPress plugin versions prior to 5.5.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for...

4.8CVSS4.6AI score0.00166EPSS
Exploits1References4
CNNVD
CNNVDadded 2025/05/15 12:0 a.m.3 views

WordPress plugin MailPoet 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.8CVSS4.8AI score0.00166EPSS
Exploits1References1
Patchstack
Patchstackadded 2024/11/19 7:33 a.m.3 views

WordPress MailPoet plugin < 5.3.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin MailPoet versions 5.3.2...

6.1CVSS6.1AI score0.00173EPSS
Exploits1References1Affected Software1
NVD
NVDadded 2024/11/19 6:15 a.m.13 views

CVE-2024-10103

In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor...

6.1CVSS0.00173EPSS
Exploits1References1
OSV
OSVadded 2024/11/19 6:15 a.m.2 views

CVE-2024-10103

In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor...

6.1CVSS5.8AI score
Exploits0References1
Patchstack
Patchstackadded 2024/11/19 12:0 a.m.10 views

WordPress MailPoet Plugin < 5.3.2 is vulnerable to Cross Site Scripting (XSS)

Software MailPoet Type Plugin Vulnerable versions 5.3.2 Fixed in 5.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10103 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9750d9962a7d Credits Dmitrii Ignatyev Required...

6.1CVSS5.8AI score0.00173EPSS
Exploits1References4Affected Software1
NVD
NVDadded 2023/06/01 1:15 p.m.10 views

CVE-2014-125104

A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protectaioseoajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. Th...

9.8CVSS7.1AI score0.00478EPSS
Exploits0References4
CVE
CVEadded 2023/06/01 1:0 p.m.42 views

CVE-2014-125104

CVE-2014-125104 concerns VaultPress Plugin up to 1.6.0 on WordPress. The vulnerability affects the function protect_aioseo_ajax in the file class.vaultpress-hotfixes.php within the MailPoet Plugin, enabling unrestricted upload. The issue is exploitable remotely. A fix exists: upgrade to VaultPres...

9.8CVSS8AI score0.00478EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2023/06/01 1:0 p.m.13 views

CVE-2014-125104 VaultPress Plugin MailPoet Plugin class.vaultpress-hotfixes.php protect_aioseo_ajax unrestricted upload

A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protectaioseoajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. Th...

6.5CVSS9.6AI score0.00478EPSS
Exploits0References4
NVD
NVDadded 2020/06/02 5:15 p.m.10 views

CVE-2019-11843

The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...

6.1CVSS6.3AI score0.00454EPSS
Exploits0References3
Rows per page
Query Builder