Lucene search
+L

5 matches found

CVE
CVE
added 2026/01/20 1:22 a.m.13 views

CVE-2026-1051

CVE-2026-1051 (Newsletter – Send awesome emails from WordPress) is a CSRF vulnerability in all versions up to 9.1.0 caused by missing/incorrect nonce validation in hook_newsletter_action(), enabling unauthenticated attackers to unsubscribe newsletter subscribers via a forged request if they can l...

4.3CVSS5.5AI score0.00104EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/24 4:34 p.m.7 views

CVE-2025-59413

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the forceunsubscribe parameter in the POST request to 1, an attacker can...

6.5CVSS6.7AI score0.00374EPSS
Exploits1References1
NVD
NVD
added 2025/09/22 5:16 p.m.9 views

CVE-2025-59413

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the forceunsubscribe parameter in the POST request to 1, an attacker can...

6.5CVSS0.00374EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/09/22 4:15 p.m.11 views

CVE-2025-59413 CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the forceunsubscribe parameter in the POST request to 1, an attacker can...

6.5CVSS0.00374EPSS
Exploits1References4
OSV
OSV
added 2025/09/22 4:15 p.m.7 views

CVE-2025-59413 CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the forceunsubscribe parameter in the POST request to 1, an attacker can...

6.5CVSS6.7AI score0.00374EPSS
Exploits1References6
Rows per page
Query Builder