14 matches found
EUVD-2017-9618
Malware in sbrugna...
CVE-2021-24556
The kentoemailsubscriberajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribeemail and subscribename POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...
Contact Form Plugin by Fluent Forms < 5.1.14 - Subscriber+ Stored XSS
Description: The plugin is vulnerable to Stored Cross-Site Scripting via form settings due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Fluent Forms settings, to inject arbitrary web scripts in pages that will execut...
CVE-2022-4265 Replyable < 2.2.10 - Subscriber+ PHP Object Injection
The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the promptdismissnotice action and also lacks a CSRF check in the related action. This could allow any authenticated user, such as a subscriber, to perform Object...
Social Share Buttons < 2.2.4 - Subscriber+ SQLi
The plugin does not properly sanitise and escape some parameters before using them in SQL statements reachable by any authenticated user, leading to SQL injections...
Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection
The plugin does not validate and escape user input passed to the todaytrafficindex AJAX action, available to any authenticated user, before using it in a SQL statement, leading to an SQL injection issue.
PoC: POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, */*; q=0.01...
WordPress Email Subscriber plugin <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Shreya Pohekar in WordPress Email Subscriber plugin versions <= 1.1. Solution: This plugin has been closed as of May 19, 2021 and is not available for download. Reason: Security Issue...
WordPress subscriber plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. The subscriber plugin is a subscription management plugin for it. A cross-site scripting vulnerability exists in WordPress subscriber...
CVE-2017-18502
The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues...
Cross site scripting
The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues...
CVE-2017-18502
CVE-2017-18502 affects the WordPress subscriber plugin prior to version 1.3.5. The issue is multiple XSS vulnerabilities in the subscriber plugin, enabling an authenticated attacker to execute arbitrary JavaScript in victims’ browsers (potential cookie/credentials risk) as described in connected ...