5 matches found
CVE-2026-1051
CVE-2026-1051 (Newsletter – Send awesome emails from WordPress) is a CSRF vulnerability in all versions up to 9.1.0 caused by missing/incorrect nonce validation in hook_newsletter_action(), enabling unauthenticated attackers to unsubscribe newsletter subscribers via a forged request if they can l...
CVE-2025-59413
CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the forceunsubscribe parameter in the POST request to 1, an attacker can...
CVE-2025-59413
CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the forceunsubscribe parameter in the POST request to 1, an attacker can...
CVE-2025-59413 CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter
CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the forceunsubscribe parameter in the POST request to 1, an attacker can...
CVE-2025-59413 CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter
CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the forceunsubscribe parameter in the POST request to 1, an attacker can...