Lucene search
K

63 matches found

Patchstack
Patchstack
added 2023/06/26 12:0 a.m.9 views

WordPress Subscribe2 Plugin <= 10.40 is vulnerable to Cross Site Request Forgery (CSRF)

Software Subscribe2 Type Plugin Vulnerable versions = 10.40 Fixed in 10.41 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3407 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 26e0461b6319 Credits Marco Wotschka Required...

4.3CVSS6.6AI score0.00298EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.19 views

Subscribe2 – Form, Email Subscribers & Newsletters < 10.41 - Missing Access Controls

The vulnerability allows any Author leveled users to perform actions that only an administrator should be allowed to do e.g., sending unsolicited e-mail to users...

4.3CVSS6.8AI score0.00508EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2023/03/21 12:0 a.m.10 views

WordPress Subscribe2 Plugin <= 10.37 is vulnerable to Cross Site Request Forgery (CSRF)

Software Subscribe2 Type Plugin Vulnerable versions = 10.37 Fixed in 10.38 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4e0edf8f617f Credits István Márton Required...

5.8AI score0.00113EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/20 12:0 a.m.15 views

FluentSMTP < 2.2.3 - Stored XSS via Email Logs

The plugin does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. PoC XSS Payload : Steps to reproduce: 1...

5.4CVSS5.4AI score0.00507EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/02/20 12:0 a.m.378 views

FluentSMTP < 2.2.3 - Stored XSS via Email Logs

The plugin does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. XSS Payload : Steps to reproduce: 1. Install...

5.4CVSS5.7AI score0.00507EPSS
Exploits2
OSV
OSV
added 2023/01/16 4:15 p.m.1 views

CVE-2022-4309

The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack...

3.1CVSS5.9AI score0.00238EPSS
Exploits1References1
NVD
NVD
added 2023/01/16 4:15 p.m.17 views

CVE-2022-4309

The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack...

3.1CVSS3.9AI score0.00238EPSS
Exploits1References1
Prion
Prion
added 2023/01/16 4:15 p.m.26 views

Cross site request forgery (csrf)

The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack...

2.6CVSS4.2AI score0.00238EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/01/16 3:38 p.m.56 views

CVE-2022-4309

Vulnerability summary (CVE-2022-4309) : The Subscribe2 WordPress plugin (versions before 10.38) is affected by a CSRF weakness in user-deletion functionality. The underlying issue is the absence of a CSRF check when deleting users, which could allow a logged-in admin to delete arbitrary users by ...

3.1CVSS3.9AI score0.00238EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/16 3:38 p.m.7 views

CVE-2022-4309 Subscribe2 < 10.38 - User Deletion via CSRF

The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack...

4AI score0.00238EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/01/16 3:38 p.m.21 views

CVE-2022-4309 Subscribe2 < 10.38 - User Deletion via CSRF

The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack...

4.3AI score0.00238EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/01/16 12:0 a.m.4 views

WordPress plugin Subscribe2 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

3.1CVSS5.1AI score0.00238EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/01/16 12:0 a.m.6 views

PT-2023-14175 · WordPress · Subscribe2

Name of the Vulnerable Software and Affected Versions: Subscribe2 WordPress plugin versions prior to 10.38 Description: The issue allows attackers to make a logged-in admin delete arbitrary users by knowing their email via a CSRF attack, due to the lack of a CSRF check when deleting users...

3.1CVSS7.3AI score0.00238EPSS
Exploits1References4
CNVD
CNVD
added 2018/04/02 12:0 a.m.2 views

WordPress Subscribe2 Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites on PHP and MySQL servers.Subscribe2 plugin is used in which a subscription and email notification management plugin. A cross-site scripting...

6.1CVSS5.8AI score0.01222EPSS
Exploits1References1
Prion
Prion
added 2018/03/29 6:29 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter...

4.3CVSS6.2AI score0.01222EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2018/03/29 6:29 p.m.12 views

CVE-2014-6604

Cross-site scripting XSS vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter...

6.1CVSS6.2AI score0.01222EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/03/29 6:0 p.m.17 views

CVE-2014-6604

Cross-site scripting XSS vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter...

6.2AI score0.01222EPSS
Exploits1References2
CVE
CVE
added 2018/03/29 6:0 p.m.37 views

CVE-2014-6604

Vulnerability context: CVE-2014-6604 affects the WordPress Subscribe2 plugin, specifically the class-s2-list-table.php component, with exploitation via the ip parameter. The issue is an XSS vulnerability in versions prior to 10.16. What’s affected: Subscribe2 plugin for WordPress (plugin file: cl...

6.1CVSS6.1AI score0.01222EPSS
Exploits1References2Affected Software1
Openbugbounty
Openbugbounty
added 2015/07/21 8:21 p.m.11 views

depositphotos.com XSS vulnerability

Vulnerable URL: http://depositphotos.com/subscribe2.html?utmexpid=78670605-22.HsKVbNNARACXW7xApnRmQ.2%5Bpage%5D=?sq=32t8w0%5Bexclude%5D%5B0%5D=login%22%3E%3Csvg/onload%3dalert%28/xssposed/%29%3Ereferrer=http://depositphotos.com/52002839/stock-photo-the-word-nope.html?sq=32t8w0=0 Details:...

6.3AI score
Exploits0
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.16 views

WordPress Subscribe2 Plugin <= 8.0 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update plugin...

2.3AI score
Exploits0References3Affected Software1
Rows per page
Query Builder