Lucene search
+L

50 matches found

CNNVD
CNNVD
added 2025/05/07 12:0 a.m.4 views

WordPress plugin SendPulse Email Marketing Newsletter 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists ...

6.5CVSS6.5AI score0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.4 views

PT-2025-20160 · Sendpulse · Sendpulse Email Marketing Newsletter

Name of the Vulnerable Software and Affected Versions: SendPulse Email Marketing Newsletter versions n/a through 2.1.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...

6.5CVSS6.7AI score0.0021EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/07 6:4 p.m.10 views

CVE-2025-22662

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored XSS.This issue affects SendPulse Email Marketing Newsletter: from n/a through = 2.1.5...

6.5CVSS7.2AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:29 a.m.9 views

CVE-2024-9184

The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

7.2CVSS6.1AI score0.00442EPSS
Exploits0References1
NVD
NVD
added 2025/02/04 3:15 p.m.19 views

CVE-2025-22662

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored XSS.This issue affects SendPulse Email Marketing Newsletter: from n/a through = 2.1.5...

6.5CVSS0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/04 2:21 p.m.16 views

CVE-2025-22662 WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored XSS.This issue affects SendPulse Email Marketing Newsletter: from n/a through = 2.1.5...

6.5CVSS8.6AI score0.00223EPSS
Exploits0References1
CVE
CVE
added 2025/02/04 2:21 p.m.58 views

CVE-2025-22662

CVE-2025-22662 describes a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin SendPulse Email Marketing Newsletter (versions up to and including 2.1.5). The root cause is improper neutralization of input during web page generation , enabling stored XSS. Public disclosures in multipl...

6.5CVSS7.2AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/04 2:21 p.m.22 views

CVE-2025-22662 WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored XSS.This issue affects SendPulse Email Marketing Newsletter: from n/a through = 2.1.5...

6.5CVSS0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/04 12:0 a.m.3 views

WordPress plugin SendPulse Email Marketing Newsletter 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists ...

6.5CVSS7.9AI score0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/04 12:0 a.m.7 views

PT-2025-4613 · Sendpulse · Sendpulse Email Marketing Newsletter

Name of the Vulnerable Software and Affected Versions: SendPulse Email Marketing Newsletter versions prior to 2.1.5 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can...

6.5CVSS9.1AI score0.00223EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/02/03 4:8 p.m.6 views

WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Webula Patchstack Alliance in WordPress Plugin SendPulse Email Marketing Newsletter versions = 2.1.5...

6.5CVSS6.1AI score0.00223EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/10/17 10:15 a.m.27 views

CVE-2024-9184

The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

7.2CVSS0.00442EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/10/17 9:32 a.m.31 views

CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting

The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

7.2CVSS0.00442EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/17 9:32 a.m.13 views

CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting

The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

7.2CVSS6AI score0.00442EPSS
Exploits0References4
CVE
CVE
added 2024/10/17 9:32 a.m.49 views

CVE-2024-9184

CVE-2024-9184 affects the SendPulse Free Web Push plugin for WordPress, vulnerable to Stored Cross-Site Scripting in all versions up to 1.3.6 due to incorrect use of the wp_kses_allowed_html function. The issue enables unauthenticated attackers to inject arbitrary scripts that execute when a user...

7.2CVSS6.4AI score0.00442EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.6 views

PT-2024-39475 · Sendpulse · Sendpulse Free Web Push

Name of the Vulnerable Software and Affected Versions: SendPulse Free Web Push plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to Stored Cross-Site Scripting due to the incorrect use of the wp kses allowed html function. This allows unauthenticated...

7.2CVSS6.5AI score0.00442EPSS
Exploits0References10
Patchstack
Patchstack
added 2024/10/16 9:11 p.m.8 views

WordPress SendPulse Free Web Push plugin <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin SendPulse Free Web Push versions = 1.3.6...

7.2CVSS5.7AI score0.00442EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/16 12:0 a.m.16 views

WordPress SendPulse Free Web Push Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)

Software SendPulse Free Web Push Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9184 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54dee5d0997d Credits Francesco...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/10/16 9:15 a.m.4 views

CVE-2023-45274

Cross-Site Request Forgery CSRF vulnerability in SendPulse SendPulse Free Web Push plugin = 1.3.1 versions...

8.8CVSS7.3AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2023/10/16 9:15 a.m.34 views

CVE-2023-45274

Cross-Site Request Forgery CSRF vulnerability in SendPulse SendPulse Free Web Push plugin = 1.3.1 versions...

8.8CVSS5.8AI score0.00214EPSS
Exploits0References1
Rows per page
Query Builder