Lucene search
K

15 matches found

Nuclei
Nuclei
added 19 hours ago12 views

WordPress Newsletters <= 4.13 - Unauthenticated SQL Injection

Newsletters WordPress plugin = 4.13 contains a time-based SQL injection caused by insufficient escaping of the 'wpmlsubscriberid' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-3018 info: name: WordPress Newsletters = 4.13 - Unauthenticated SQL...

7.5CVSS6AI score0.01382EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.3 views

CVE-2025-67911

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...

9.8CVSS5.9AI score0.00375EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 10:15 a.m.3 views

CVE-2025-67911

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...

9.8CVSS0.00375EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/08 9:17 a.m.3 views

CVE-2025-67911 WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...

9.8CVSS6.6AI score0.00375EPSS
Exploits0References1
CVE
CVE
added 2026/01/08 9:17 a.m.16 views

CVE-2025-67911

CVE-2025-67911 describes a Deserialization of Untrusted Data vulnerability in the Tribulant Software Newsletters newsletters-lite plugin. The WordPress/newsletters entry states unauthenticated Object Injection via deserialization, affecting Newsletters: from n/a through

9.8CVSS6.6AI score0.00375EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.4 views

PT-2026-1889

Name of the Vulnerable Software and Affected Versions Tribulant Software Newsletters versions prior to 4.11 Description An issue exists in Tribulant Software Newsletters newsletters-lite related to the deserialization of untrusted data, which allows for object injection. Recommendations Update to...

9.8CVSS6.6AI score0.00375EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/31 11:5 a.m.4 views

CVE-2025-69020

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through = 4.12...

6.5CVSS6AI score0.0013EPSS
Exploits0References1
NVD
NVD
added 2025/12/30 11:16 a.m.4 views

CVE-2025-69020

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through = 4.12...

6.5CVSS0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-13523

Malware in sbrugna...

9.8CVSS9.5AI score0.02129EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 7:38 a.m.6 views

CVE-2018-20987

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection...

9.8CVSS7.2AI score0.02129EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/27 11:15 a.m.3 views

CVE-2025-30921

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tribulant Software Newsletters newsletters-lite allows SQL Injection.This issue affects Newsletters: from n/a through = 4.9.9.7...

7.6CVSS7.3AI score0.00494EPSS
Exploits1References3
OSV
OSV
added 2019/08/22 8:15 p.m.4 views

CVE-2018-20987

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection...

9.8CVSS5.8AI score0.02129EPSS
Exploits0References2
Prion
Prion
added 2019/08/22 8:15 p.m.15 views

Design/Logic Flaw

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection...

7.5CVSS9.7AI score0.02129EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/22 7:4 p.m.20 views

CVE-2018-20987

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection...

9.9AI score0.02129EPSS
Exploits0References2
CVE
CVE
added 2019/08/22 7:4 p.m.54 views

CVE-2018-20987

CVE-2018-20987 affects the Newsletters Lite WordPress plugin. The connected documents confirm a PHP object injection flaw in newsletters-lite before version 4.6.8.6, caused by an insecure deserialization condition in the plugin’s code path. This vulnerability can enable remote code execution or s...

9.8CVSS9.7AI score0.02129EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder