Lucene search
K

81 matches found

CVE
CVE
added 2024/06/13 11:51 p.m.62 views

CVE-2023-35040

CVE-2023-35040 affects WordPress plugin SendPress Newsletters (versions up to and including 1.23.11.6). The issue is described as a Missing Authorization / Broken Access Control vulnerability in SendPress Newsletters, with unauthenticated access potentially allowed due to insufficient authorizati...

9.8CVSS8.6AI score0.00347EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/06/13 12:0 a.m.4 views

WordPress plugin SendPress Newsletters Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

9.8CVSS6.8AI score0.00347EPSS
Exploits0References2
NVD
NVD
added 2024/04/08 5:15 a.m.16 views

CVE-2024-1589

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS5.4AI score0.00405EPSS
Exploits2References1
NVD
NVD
added 2024/04/08 5:15 a.m.23 views

CVE-2024-1588

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.8CVSS5.4AI score0.0071EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/08 5:0 a.m.12 views

CVE-2024-1589 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.00405EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/08 5:0 a.m.21 views

CVE-2024-1588 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.0071EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/08 5:0 a.m.27 views

CVE-2024-1589 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5AI score0.00405EPSS
Exploits2References1
OSV
OSV
added 2024/04/08 5:0 a.m.8 views

CVE-2024-1588 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.8CVSS6AI score0.0071EPSS
Exploits2References4
Cvelist
Cvelist
added 2024/04/08 5:0 a.m.25 views

CVE-2024-1588 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5AI score0.0071EPSS
Exploits2References1
OSV
OSV
added 2024/04/08 5:0 a.m.3 views

CVE-2024-1589 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS6AI score0.00405EPSS
Exploits2References4
CNNVD
CNNVD
added 2024/04/08 12:0 a.m.8 views

WordPress Plugin SendPress Newsletters 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

6.8CVSS5.8AI score0.0071EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/04/08 12:0 a.m.6 views

WordPress Plugin SendPress Newsletters 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

6.1CVSS5.8AI score0.00405EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2024/03/18 12:0 a.m.15 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Click SendPress which is...

5.4AI score0.00405EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/18 12:0 a.m.171 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Click SendPress which is available ...

5.7AI score0.00405EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/18 12:0 a.m.180 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Click SendPress in the Admin menu...

5.7AI score0.0071EPSS
Exploits2
Patchstack
Patchstack
added 2023/12/13 12:0 a.m.13 views

WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Scripting (XSS)

Software SendPress Newsletters Type Plugin Vulnerable versions = 1.22.3.31 Fixed in 1.23.11.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5660 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID faf50926089e Credits István...

6.4CVSS5.7AI score0.0067EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.14 views

SendPress Newsletters < 1.23.11.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS7.7AI score0.0067EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.15 views

SendPress Newsletters <= 1.23.11.6 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS8AI score0.00412EPSS
Exploits0
NVD
NVD
added 2023/11/14 11:15 p.m.23 views

CVE-2023-47517

Unauth. Reflected Cross-Site Scripting XSS vulnerability in SendPress Newsletters plugin = 1.23.11.6 versions...

7.1CVSS0.00412EPSS
Exploits0References1
Prion
Prion
added 2023/11/14 11:15 p.m.16 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in SendPress Newsletters plugin = 1.23.11.6 versions...

5.8CVSS6.1AI score0.00412EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder