189 matches found
CVE-2026-57739
CVE-2026-57739 affects the WordPress WordPress Plugin AcyMailing SMTP Newsletter (versions up to and including 10.11.0). The vulnerability is an SQL Injection caused by improper neutralization of special elements in an SQL command, allowing blind SQL injection. According to the provided metrics, ...
CVE-2026-57394
The CVE-2026-57394 entry concerns Tribulant Software’s Newsletters plugin (WordPress, newsletters-lite, affected
CVE-2026-15297
The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo formely Sendinblue plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it...
WordPress AcyMailing SMTP Newsletter plugin <= 10.11.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by anhcd05 in WordPress Plugin AcyMailing SMTP Newsletter versions = 10.11.1...
CVE-2026-1051
The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...
CVE-2026-1051 Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription
The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...
CVE-2026-1051 Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription
The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...
WordPress plugin Newsletter – Sending awesome emails from WordPress with cross-site request forgeing vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...
PT-2026-3532
The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hook newsletter action function. This makes it possible for unauthenticated...
CVE-2017-18522
The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book...
CVE-2023-25061
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin = 2.7.1.1 versions...
CVE-2023-25031
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin = 2.7.1 versions...
CVE-2025-14904
The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...
CVE-2025-14904
The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...
CVE-2025-67999 WordPress Newsletter plugin <= 9.0.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through = 9.0.9...
CVE-2025-67999 WordPress Newsletter plugin <= 9.0.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through = 9.0.9...
CVE-2025-67999
Technical details for CVE-2025-67999 are not provided in the supplied documents. Monitor for updates; the materials do not specify affected product versions, impact, or remediation.
WordPress plugin Newsletter SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...
WordPress Newsletter plugin <= 9.0.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Newsletter versions = 9.0.9...
CVE-2025-13515
The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...