63 matches found
WordPress Subscribe2 Plugin <= 10.40 is vulnerable to Cross Site Request Forgery (CSRF)
Software Subscribe2 Type Plugin Vulnerable versions = 10.40 Fixed in 10.41 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3407 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 26e0461b6319 Credits Marco Wotschka Required...
Subscribe2 – Form, Email Subscribers & Newsletters < 10.41 - Missing Access Controls
The vulnerability allows any Author leveled users to perform actions that only an administrator should be allowed to do e.g., sending unsolicited e-mail to users...
WordPress Subscribe2 Plugin <= 10.37 is vulnerable to Cross Site Request Forgery (CSRF)
Software Subscribe2 Type Plugin Vulnerable versions = 10.37 Fixed in 10.38 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4e0edf8f617f Credits István Márton Required...
FluentSMTP < 2.2.3 - Stored XSS via Email Logs
The plugin does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. PoC XSS Payload : Steps to reproduce: 1...
FluentSMTP < 2.2.3 - Stored XSS via Email Logs
The plugin does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. XSS Payload : Steps to reproduce: 1. Install...
CVE-2022-4309
The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack...
CVE-2022-4309
The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack...
Cross site request forgery (csrf)
The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack...
CVE-2022-4309
Vulnerability summary (CVE-2022-4309) : The Subscribe2 WordPress plugin (versions before 10.38) is affected by a CSRF weakness in user-deletion functionality. The underlying issue is the absence of a CSRF check when deleting users, which could allow a logged-in admin to delete arbitrary users by ...
CVE-2022-4309 Subscribe2 < 10.38 - User Deletion via CSRF
The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack...
CVE-2022-4309 Subscribe2 < 10.38 - User Deletion via CSRF
The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack...
WordPress plugin Subscribe2 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-14175 · WordPress · Subscribe2
Name of the Vulnerable Software and Affected Versions: Subscribe2 WordPress plugin versions prior to 10.38 Description: The issue allows attackers to make a logged-in admin delete arbitrary users by knowing their email via a CSRF attack, due to the lack of a CSRF check when deleting users...
WordPress Subscribe2 Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites on PHP and MySQL servers.Subscribe2 plugin is used in which a subscription and email notification management plugin. A cross-site scripting...
Cross site scripting
Cross-site scripting XSS vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter...
CVE-2014-6604
Cross-site scripting XSS vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter...
CVE-2014-6604
Cross-site scripting XSS vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter...
CVE-2014-6604
Vulnerability context: CVE-2014-6604 affects the WordPress Subscribe2 plugin, specifically the class-s2-list-table.php component, with exploitation via the ip parameter. The issue is an XSS vulnerability in versions prior to 10.16. What’s affected: Subscribe2 plugin for WordPress (plugin file: cl...
depositphotos.com XSS vulnerability
Vulnerable URL: http://depositphotos.com/subscribe2.html?utmexpid=78670605-22.HsKVbNNARACXW7xApnRmQ.2%5Bpage%5D=?sq=32t8w0%5Bexclude%5D%5B0%5D=login%22%3E%3Csvg/onload%3dalert%28/xssposed/%29%3Ereferrer=http://depositphotos.com/52002839/stock-photo-the-word-nope.html?sq=32t8w0=0 Details:...
WordPress Subscribe2 Plugin <= 8.0 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update plugin...