WordPress Multilist Subscribe for Sendy Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Multilist Subscribe for Sendy Type Plugin Vulnerable versions = 1.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 92425a5d4204 Credits Rafie Muhammad...

Multilist Subscribe for Sendy <= 1.6.1 - Subscriber+ Arbitrary Options Update

The plugin is using an outdated version of the Freemius library 1.2.2.9, which is known to be affected by a security issue allowing any authenticated users, such as subscriber to set arbitrary blog options PoC As any authenticated user: Enable new user registrations:...

WordPress Multilist Subscribe for Sendy plugin <= 1.6.1 - Subscriber+ Arbitrary Options Update vulnerability

Subscriber+ Arbitrary Options Update vulnerability discovered by 0xdecafbad in WordPress Multilist Subscribe for Sendy plugin versions = 1.6.1. Solution Deactivate and delete. This plugin has been closed as of February 1, 2022 and is not available for download. This closure is temporary, pending ...

Multilist Subscribe for Sendy <= 1.6.1 - Subscriber+ Arbitrary Options Update

The plugin is using an outdated version of the Freemius library 1.2.2.9, which is known to be affected by a security issue allowing any authenticated users, such as subscriber to set arbitrary blog options As any authenticated user: Enable new user registrations:...

WordPress Multilist Subscribe for Sendy plugin <= 1.6.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Multilist Subscribe for Sendy plugin versions = 1.6.1. Solution No patched version available...