627 matches found

Nuclei
added 5 hours ago, 9 views

WordPress Newsletters <= 4.13 - Unauthenticated SQL Injection

Newsletters WordPress plugin <= 4.13 contains a time-based SQL injection caused by insufficient escaping of the 'wpmlsubscriberid' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-3018 info: name: WordPress Newsletters <= 4.13 - Unauthenticated SQL...

7.5 CVSS, 5.8 AI score, 0.01382 EPSS
Exploits 0, References 2

Nuclei
added 5 hours ago, 22 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8 CVSS, 7.4 AI score, 0.04184 EPSS
Exploits 3, References 2

Cvelist
added 9 hours ago, 10 views

CVE-2026-11592 Email Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX Action

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3 CVSS
Exploits 0, References 12

CVE
added 9 hours ago, 10 views

CVE-2026-11592

The CVE-2026-11592 entry concerns the WordPress plugin Email Subscribers & Newsletters (formerly “Email Marketing, Post Notifications & Newsletter”). It describes an authorization bypass vulnerability affecting all versions up to and including 5.9.27. The root cause is that the plugin fails to ve...

4.3 CVSS, 5.9 AI score
Exploits 0, References 12

Patchstack
added yesterday, 5 views

WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.8 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions <= 4.5.8...

6.5 CVSS, 5.8 AI score
Exploits 0, References 1, Affected Software 1

Patchstack
added yesterday, 4 views

WordPress Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification vulnerability

Missing Authorization to Authenticated Contributor+ Settings Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Email Subscribers & Newsletters versions <= 5.9.27...

4.3 CVSS, 5.8 AI score
Exploits 0, References 1, Affected Software 1

NVD
added 6 days ago, 6 views

CVE-2026-57645

newsletterssubscribers Broken Access Control in Newsletters <= 4.13 versions...

8.1 CVSS, 0.00189 EPSS
Exploits 0, References 1

NVD
added 6 days ago, 7 views

CVE-2026-54840

Unauthenticated Broken Access Control in Newsletters <= 4.13 versions...

7.3 CVSS, 0.00213 EPSS
Exploits 0, References 1

ATTACKERKB
added 6 days ago, 5 views

CVE-2026-57645

newsletterssubscribers Broken Access Control in Newsletters <= 4.13 versions...

8.1 CVSS, 5.8 AI score, 0.00189 EPSS
Exploits 0, References 2

Cvelist
added 6 days ago, 29 views

CVE-2026-57645 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

newsletterssubscribers Broken Access Control in Newsletters <= 4.13 versions...

8.1 CVSS, 0.00189 EPSS
Exploits 0, References 1

CVE
added 6 days ago, 11 views

CVE-2026-57645

CVE-2026-57645 affects the WordPress Newsletters plugin (versions

8.1 CVSS, 5.8 AI score, 0.00189 EPSS
Exploits 0, References 1

EUVD
added 6 days ago, 5 views

EUVD-2026-39682

Unauthenticated Broken Access Control in Newsletters <= 4.13 versions...

7.3 CVSS, 5.8 AI score, 0.00213 EPSS
Exploits 0, References 1

CVE
added 6 days ago, 13 views

CVE-2026-54840

The CVE-2026-54840 entry concerns WordPress Newsletters plugin, versions up to 4.13, with an unauthenticated broken access control flaw. The connected sources confirm the affected product and vulnerability class but do not specify exact vulnerable parameters, affected data, exploit methods, or re...

7.3 CVSS, 5.8 AI score, 0.00213 EPSS
Exploits 0, References 1

Cvelist
added 6 days ago, 31 views

CVE-2026-54840 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Newsletters <= 4.13 versions...

7.3 CVSS, 0.00213 EPSS
Exploits 0, References 1

Patchstack
added 6 days ago, 5 views

WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Prodigysec in WordPress Plugin Newsletters versions <= 4.13...

8.1 CVSS, 5.8 AI score, 0.00189 EPSS
Exploits 0, Affected Software 1

Patchstack
added 2026/06/18 1:14 p.m., 4 views

WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HieuPenguinnn in WordPress Plugin Newsletters versions <= 4.13...

7.3 CVSS, 5.8 AI score, 0.00213 EPSS
Exploits 0, Affected Software 1

RedhatCVE
added 2026/06/11 8:59 a.m., 12 views

CVE-2026-3018

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5 CVSS, 5.8 AI score, 0.01382 EPSS
Exploits 0, References 1

NVD
added 2026/06/10 10:16 a.m., 18 views

CVE-2026-3018

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5 CVSS, 0.01382 EPSS
Exploits 0, References 3

Patchstack
added 2026/06/10 8:52 a.m., 10 views

WordPress Newsletters plugin <= 4.13 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by wesley wcraft in WordPress Plugin Newsletters versions <= 4.13...

7.5 CVSS, 5.7 AI score, 0.01382 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2026/06/10 8:28 a.m., 34 views

CVE-2026-3018

The WordPress Newsletters plugin (versions

7.5 CVSS, 5.8 AI score, 0.01382 EPSS
In wild, Exploits 0, References 3