50 matches found
WordPress plugin SendPulse Email Marketing Newsletter 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists ...
PT-2025-20160 · Sendpulse · Sendpulse Email Marketing Newsletter
Name of the Vulnerable Software and Affected Versions: SendPulse Email Marketing Newsletter versions n/a through 2.1.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
CVE-2025-22662
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored XSS.This issue affects SendPulse Email Marketing Newsletter: from n/a through = 2.1.5...
CVE-2024-9184
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
CVE-2025-22662
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored XSS.This issue affects SendPulse Email Marketing Newsletter: from n/a through = 2.1.5...
CVE-2025-22662 WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored XSS.This issue affects SendPulse Email Marketing Newsletter: from n/a through = 2.1.5...
CVE-2025-22662
CVE-2025-22662 describes a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin SendPulse Email Marketing Newsletter (versions up to and including 2.1.5). The root cause is improper neutralization of input during web page generation , enabling stored XSS. Public disclosures in multipl...
CVE-2025-22662 WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored XSS.This issue affects SendPulse Email Marketing Newsletter: from n/a through = 2.1.5...
WordPress plugin SendPulse Email Marketing Newsletter 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists ...
PT-2025-4613 · Sendpulse · Sendpulse Email Marketing Newsletter
Name of the Vulnerable Software and Affected Versions: SendPulse Email Marketing Newsletter versions prior to 2.1.5 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can...
WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Webula Patchstack Alliance in WordPress Plugin SendPulse Email Marketing Newsletter versions = 2.1.5...
CVE-2024-9184
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
CVE-2024-9184
CVE-2024-9184 affects the SendPulse Free Web Push plugin for WordPress, vulnerable to Stored Cross-Site Scripting in all versions up to 1.3.6 due to incorrect use of the wp_kses_allowed_html function. The issue enables unauthenticated attackers to inject arbitrary scripts that execute when a user...
PT-2024-39475 · Sendpulse · Sendpulse Free Web Push
Name of the Vulnerable Software and Affected Versions: SendPulse Free Web Push plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to Stored Cross-Site Scripting due to the incorrect use of the wp kses allowed html function. This allows unauthenticated...
WordPress SendPulse Free Web Push plugin <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin SendPulse Free Web Push versions = 1.3.6...
WordPress SendPulse Free Web Push Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)
Software SendPulse Free Web Push Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9184 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54dee5d0997d Credits Francesco...
CVE-2023-45274
Cross-Site Request Forgery CSRF vulnerability in SendPulse SendPulse Free Web Push plugin = 1.3.1 versions...
CVE-2023-45274
Cross-Site Request Forgery CSRF vulnerability in SendPulse SendPulse Free Web Push plugin = 1.3.1 versions...